Ar For Woocommerce
Monthly
Arbitrary file read in the AR for WooCommerce WordPress plugin (all versions through 8.40) lets unauthenticated attackers traverse directories via the 'file' parameter of AJAX-driven secure-download handlers, exposing wp-config.php, credentials, and other sensitive server files. The vulnerability is notable because three independent access controls - nonce validation, AES-256-CBC payload encryption, and a Referer check - each fail on default free installations, collapsing what looks like a defended endpoint into an open file-disclosure primitive. No public exploit identified at time of analysis, but the flaw is trivially reachable and was reported by Wordfence.
Arbitrary file read in the AR for WooCommerce WordPress plugin (all versions through 8.40) lets unauthenticated attackers traverse directories via the 'file' parameter of AJAX-driven secure-download handlers, exposing wp-config.php, credentials, and other sensitive server files. The vulnerability is notable because three independent access controls - nonce validation, AES-256-CBC payload encryption, and a Referer check - each fail on default free installations, collapsing what looks like a defended endpoint into an open file-disclosure primitive. No public exploit identified at time of analysis, but the flaw is trivially reachable and was reported by Wordfence.