Skip to main content

Wpc Product Options For Woocommerce

1 CVEs product

Monthly

CVE-2026-49061 HIGH This Week

Unauthenticated arbitrary file download in the WPC Product Options for WooCommerce WordPress plugin (versions ≤ 3.2.1) allows remote attackers to retrieve arbitrary files from the underlying server without any credentials. The flaw is a classic path traversal (CWE-22) reachable over the network at low complexity, and while no public exploit identified at time of analysis, the disclosure by Patchstack and trivial attack profile make opportunistic scanning likely against WooCommerce storefronts running this plugin.

Path Traversal WordPress Wpc Product Options For Woocommerce
NVD
CVSS 3.1
7.5
EPSS
0.4%
EPSS 0% CVSS 7.5
HIGH This Week

Unauthenticated arbitrary file download in the WPC Product Options for WooCommerce WordPress plugin (versions ≤ 3.2.1) allows remote attackers to retrieve arbitrary files from the underlying server without any credentials. The flaw is a classic path traversal (CWE-22) reachable over the network at low complexity, and while no public exploit identified at time of analysis, the disclosure by Patchstack and trivial attack profile make opportunistic scanning likely against WooCommerce storefronts running this plugin.

Path Traversal WordPress Wpc Product Options For Woocommerce
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy