{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-69325", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2025-12-31T20:12:18.800Z", "datePublished": "2026-02-20T15:46:49.332Z", "dateUpdated": "2026-04-28T20:52:37.195Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "primer-mydata", "product": "Primer MyData for Woocommerce", "vendor": "primersoftware", "versions": [{"changes": [{"at": "4.2.9", "status": "unaffected"}], "lessThanOrEqual": "4.2.8", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Skalucy | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-01T16:03:41.881Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Path Traversal: '.../...//' vulnerability in primersoftware Primer MyData for Woocommerce primer-mydata allows Path Traversal.<p>This issue affects Primer MyData for Woocommerce: from n/a through <= 4.2.8.</p>"}], "value": "Path Traversal: '.../...//' vulnerability in primersoftware Primer MyData for Woocommerce primer-mydata allows Path Traversal.This issue affects Primer MyData for Woocommerce: from n/a through <= 4.2.8."}], "impacts": [{"capecId": "CAPEC-126", "descriptions": [{"lang": "en", "value": "Path Traversal"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-35", "description": "Path Traversal: '.../...//'", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T16:14:37.636Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/primer-mydata/vulnerability/wordpress-primer-mydata-for-woocommerce-plugin-4-2-8-path-traversal-vulnerability?_s_id=cve"}], "title": "WordPress Primer MyData for Woocommerce plugin <= 4.2.8 - Path Traversal vulnerability"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-24T18:48:45.275140Z", "id": "CVE-2025-69325", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-28T20:52:37.195Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 5.3, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "LOW"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-69325", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-24T18:48:45.275140Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-24T18:48:59.404Z"}}], "cna": {"title": "WordPress Primer MyData for Woocommerce plugin <= 4.2.8 - Path Traversal vulnerability", "credits": [{"lang": "en", "type": "finder", "value": "Skalucy | Patchstack Bug Bounty Program"}], "impacts": [{"capecId": "CAPEC-126", "descriptions": [{"lang": "en", "value": "Path Traversal"}]}], "affected": [{"vendor": "primersoftware", "product": "Primer MyData for Woocommerce", "versions": [{"status": "affected", "changes": [{"at": "4.2.9", "status": "unaffected"}], "version": "0", "versionType": "custom", "lessThanOrEqual": "4.2.8"}], "packageName": "primer-mydata", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "datePublic": "2026-04-01T16:03:41.881Z", "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/primer-mydata/vulnerability/wordpress-primer-mydata-for-woocommerce-plugin-4-2-8-path-traversal-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "descriptions": [{"lang": "en", "value": "Path Traversal: '.../...//' vulnerability in primersoftware Primer MyData for Woocommerce primer-mydata allows Path Traversal.This issue affects Primer MyData for Woocommerce: from n/a through <= 4.2.8.", "supportingMedia": [{"type": "text/html", "value": "Path Traversal: '.../...//' vulnerability in primersoftware Primer MyData for Woocommerce primer-mydata allows Path Traversal.<p>This issue affects Primer MyData for Woocommerce: from n/a through <= 4.2.8.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-35", "description": "Path Traversal: '.../...//'"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-01T14:13:16.164Z"}}}, "cveMetadata": {"cveId": "CVE-2025-69325", "state": "PUBLISHED", "dateUpdated": "2026-04-01T14:13:16.164Z", "dateReserved": "2025-12-31T20:12:18.800Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2026-02-20T15:46:49.332Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Path Traversal: '.../...//' vulnerability in primersoftware Primer MyData for Woocommerce primer-mydata allows Path Traversal.This issue affects Primer MyData for Woocommerce: from n/a through <= 4.2.8."}, {"lang": "es", "value": "Salto de ruta: la vulnerabilidad '.../...//' en primersoftware Primer MyData for Woocommerce primer-mydata permite el salto de ruta. Este problema afecta a Primer MyData for Woocommerce: desde N/A hasta &lt;= 4.2.8."}], "id": "CVE-2025-69325", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 5.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 1.4, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-02-20T16:22:19.787", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/primer-mydata/vulnerability/wordpress-primer-mydata-for-woocommerce-plugin-4-2-8-path-traversal-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-35"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,4.2.8]"}}, {"platform": null, "status": "unaffected", "versions": {"scheme": "semver", "value": "4.2.9"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Primer MyData for Woocommerce", "source": "cna", "vendor": "primersoftware"}, "product": "primer_mydata_for_woocommerce", "vendor": "primersoftware"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-04-28T09:31:44.128804+00:00", "value": {"mitigation_remediation": ["Upgrade the Primer MyData for Woocommerce plugin to the latest release (greater than version 4.2.8).", "If an immediate upgrade is not possible, disable the plugin or remove it from the WordPress installation to eliminate the attack surface.", "Implement stricter file system permissions on the WordPress server so that the web process cannot read sensitive files outside the intended directories."], "summary": {"action": "Apply Patch", "impact": "File Disclosure"}, "threat_synthesis": {"affected_systems": "Users running PrimerSoftware's Primer MyData for Woocommerce plugin on WordPress, specifically versions from the earliest release up through 4.2.8 are susceptible.", "description_and_impact": "The vulnerability is a Path Traversal flaw in the Primer MyData for Woocommerce plugin that allows an attacker to craft a request containing special characters that bypass directory boundary checks. The flaw can lead to reading files outside the intended document root, potentially exposing sensitive configuration or user data. The weakness is identified as CWE-35.", "risk_and_exploitability": "The CVSS score of 5.3 indicates moderate severity, and the EPSS score of less than 1% suggests a low probability of exploitation in the wild. The vulnerability is not listed in the CISA KEV catalog. It is inferred that a remote attacker could exploit this flaw by sending crafted HTTP requests to the plugin's endpoints."}}}}, "created": "2026-02-23T14:37:31.598870+00:00", "updated": "2026-04-28T09:45:28.443777+00:00", "vendors": ["primersoftware", "primersoftware$PRODUCT$primer_mydata_for_woocommerce", "wordpress", "wordpress$PRODUCT$wordpress"]}