Skip to main content

Membership For Woocommerce

1 CVEs product

Monthly

CVE-2026-57709 HIGH This Week

Arbitrary file deletion in WP Swings' Membership For WooCommerce WordPress plugin (all versions up to and including 3.1.0) lets remote attackers delete files outside the intended directory via unsanitized path input. The CVSS vector (PR:N) indicates the flaw is reachable without authentication, and the scope-changed rating reflects that deletion of critical files (e.g., wp-config.php) can break or reset the entire WordPress site. No public exploit has been identified at time of analysis; the issue was reported by Patchstack.

Path Traversal WordPress Membership For Woocommerce
NVD
CVSS 3.1
8.6
EPSS
0.5%
EPSS 1% CVSS 8.6
HIGH This Week

Arbitrary file deletion in WP Swings' Membership For WooCommerce WordPress plugin (all versions up to and including 3.1.0) lets remote attackers delete files outside the intended directory via unsanitized path input. The CVSS vector (PR:N) indicates the flaw is reachable without authentication, and the scope-changed rating reflects that deletion of critical files (e.g., wp-config.php) can break or reset the entire WordPress site. No public exploit has been identified at time of analysis; the issue was reported by Patchstack.

Path Traversal WordPress Membership For Woocommerce
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy