Membership For Woocommerce
Monthly
Arbitrary file deletion in WP Swings' Membership For WooCommerce WordPress plugin (all versions up to and including 3.1.0) lets remote attackers delete files outside the intended directory via unsanitized path input. The CVSS vector (PR:N) indicates the flaw is reachable without authentication, and the scope-changed rating reflects that deletion of critical files (e.g., wp-config.php) can break or reset the entire WordPress site. No public exploit has been identified at time of analysis; the issue was reported by Patchstack.
Arbitrary file deletion in WP Swings' Membership For WooCommerce WordPress plugin (all versions up to and including 3.1.0) lets remote attackers delete files outside the intended directory via unsanitized path input. The CVSS vector (PR:N) indicates the flaw is reachable without authentication, and the scope-changed rating reflects that deletion of critical files (e.g., wp-config.php) can break or reset the entire WordPress site. No public exploit has been identified at time of analysis; the issue was reported by Patchstack.