Woosa Marktplaats For Woocommerce
Monthly
Arbitrary file read via path traversal in the Woosa - Marktplaats for WooCommerce WordPress plugin (versions up to and including 2.0.4) permits authenticated WordPress administrators to escape the plugin's log directory and access any file readable by the web server process, including the sensitive wp-config.php file. The flaw exists in the render_logs_ui() function within class-module-logger-hook-settings.php, which decodes a base64-supplied filename from the log_file GET parameter and concatenates it with the log directory path without any boundary enforcement. No public exploit code or active exploitation has been identified at time of analysis; the attack surface is meaningfully constrained by the Administrator-level privilege requirement (PR:H), though successful exploitation could cascade into full site compromise via exposed database credentials.
Arbitrary file read via path traversal in the Woosa - Marktplaats for WooCommerce WordPress plugin (versions up to and including 2.0.4) permits authenticated WordPress administrators to escape the plugin's log directory and access any file readable by the web server process, including the sensitive wp-config.php file. The flaw exists in the render_logs_ui() function within class-module-logger-hook-settings.php, which decodes a base64-supplied filename from the log_file GET parameter and concatenates it with the log directory path without any boundary enforcement. No public exploit code or active exploitation has been identified at time of analysis; the attack surface is meaningfully constrained by the Administrator-level privilege requirement (PR:H), though successful exploitation could cascade into full site compromise via exposed database credentials.