{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-1769", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-02-27T23:32:47.829Z", "datePublished": "2025-03-26T11:22:09.346Z", "dateUpdated": "2026-04-08T16:51:37.824Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:51:37.824Z"}, "affected": [{"vendor": "webtoffee", "product": "Product Import Export for WooCommerce \u2013 Import Export Product CSV Suite", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "2.5.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Product Import Export for WooCommerce \u2013 Import Export Product CSV Suite plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.5.0 via the download_file() function. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary log files on the server, which can contain sensitive information."}], "title": "Product Import Export for WooCommerce <= 2.5.0 - Directory Traversal to Authenticated (Administrator+) Limited Arbitrary File Read via download_file Function", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4df60fbe-4475-4cbf-b497-a9c5251bc91f?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/product-import-export-for-woo/trunk/admin/modules/history/history.php#L753"}, {"url": "https://wordpress.org/plugins/product-import-export-for-woo/#developers"}, {"url": "https://plugins.trac.wordpress.org/changeset/3261194/"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "cweId": "CWE-22", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "baseScore": 4.9, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Hay Mizrachi"}], "timeline": [{"time": "2025-03-25T23:20:01.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-03-26T13:34:13.937851Z", "id": "CVE-2025-1769", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-26T13:34:26.390Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-1769", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-03-26T13:34:13.937851Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-03-26T13:34:22.025Z"}}], "cna": {"title": "Product Import Export for WooCommerce <= 2.5.0 - Directory Traversal to Authenticated (Administrator+) Limited Arbitrary File Read via download_file Function", "credits": [{"lang": "en", "type": "finder", "value": "Hay Mizrachi"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"}}], "affected": [{"vendor": "webtoffee", "product": "Product Import Export for WooCommerce \u2013 Import Export Product CSV Suite", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "2.5.0"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-03-25T23:20:01.000+00:00", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4df60fbe-4475-4cbf-b497-a9c5251bc91f?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/product-import-export-for-woo/trunk/admin/modules/history/history.php#L753"}, {"url": "https://wordpress.org/plugins/product-import-export-for-woo/#developers"}, {"url": "https://plugins.trac.wordpress.org/changeset/3261194/"}], "descriptions": [{"lang": "en", "value": "The Product Import Export for WooCommerce \u2013 Import Export Product CSV Suite plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.5.0 via the download_file() function. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary log files on the server, which can contain sensitive information."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2025-03-26T11:22:09.346Z"}}}, "cveMetadata": {"cveId": "CVE-2025-1769", "state": "PUBLISHED", "dateUpdated": "2025-03-26T13:34:26.390Z", "dateReserved": "2025-02-27T23:32:47.829Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-03-26T11:22:09.346Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:webtoffee:product_import_export_for_woocommerce:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "20BB9A46-07D4-49F8-B399-8B34D8658A4B", "versionEndExcluding": "2.5.1", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Product Import Export for WooCommerce \u2013 Import Export Product CSV Suite plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.5.0 via the download_file() function. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary log files on the server, which can contain sensitive information."}, {"lang": "es", "value": "El complemento Product Import Export for WooCommerce \u2013 Import Export Product CSV Suite para WordPress es vulnerable a la navegaci\u00f3n de directorios en todas las versiones hasta la 2.5.0 incluida, a trav\u00e9s de la funci\u00f3n download_file(). Esto permite que atacantes autenticados, con acceso de administrador o superior, lean el contenido de archivos de registro arbitrarios en el servidor, que pueden contener informaci\u00f3n confidencial."}], "id": "CVE-2025-1769", "lastModified": "2025-07-09T16:57:42.397", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "security@wordfence.com", "type": "Primary"}]}, "published": "2025-03-26T12:15:15.040", "references": [{"source": "security@wordfence.com", "tags": ["Product"], "url": "https://plugins.trac.wordpress.org/browser/product-import-export-for-woo/trunk/admin/modules/history/history.php#L753"}, {"source": "security@wordfence.com", "tags": ["Patch"], "url": "https://plugins.trac.wordpress.org/changeset/3261194/"}, {"source": "security@wordfence.com", "tags": ["Product"], "url": "https://wordpress.org/plugins/product-import-export-for-woo/#developers"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/4df60fbe-4475-4cbf-b497-a9c5251bc91f?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "security@wordfence.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T21:39:27.696311+00:00", "value": {"mitigation_remediation": ["Upgrade the plugin to a version newer than 2.5.0 that implements proper path validation to eliminate directory traversal.", "Ensure server file permissions and WordPress user roles limit access to sensitive logs; consider restricting the log directory to non\u2011public locations.", "Audit the server after upgrading, verifying that the download_file endpoint no longer accepts arbitrary paths and that no residual copies of older plugin files remain."], "summary": {"action": "Update Plugin", "impact": "Information Disclosure"}, "threat_synthesis": {"affected_systems": "WordPress sites that use the Product Import Export for WooCommerce \u2013 Import Export Product CSV Suite plugin with a version 2.5.0 or earlier are vulnerable. Administrators can trigger the flaw through the download_file endpoint to retrieve any accessible file.", "description_and_impact": "The product Import Export for WooCommerce for WordPress has a directory traversal flaw in the download_file() function that affects all releases up to and including 2.5.0. This weakness (CWE-22) allows attackers who are already authenticated as administrators or higher to read arbitrary server files, such as log files, which may contain sensitive data.", "risk_and_exploitability": "The CVSS score of 4.9 rates the issue as moderate severity. The EPSS score is less than 1\u202f%, indicating a low probability of active exploitation, and the flaw is not listed in the CISA KEV catalog. Exploitation requires valid administrative credentials; once logged in, an attacker can use the vulnerable function to request arbitrary file paths, bypassing normal access controls. No publicly available exploit code has been reported in the official data."}}}}, "created": "2026-04-21T21:45:25.846837+00:00", "updated": "2026-04-21T21:45:25.846848+00:00", "vendors": []}