{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-9215", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-08-19T20:03:22.388Z", "datePublished": "2025-09-17T06:17:47.572Z", "dateUpdated": "2026-04-08T16:34:03.186Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:34:03.186Z"}, "affected": [{"vendor": "kodezen", "product": "StoreEngine \u2014 Complete eCommerce Solution with Memberships, Licensing, Affiliates & More", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.5.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The StoreEngine \u2013 Powerful WordPress eCommerce Plugin for Payments, Memberships, Affiliates, Sales & More plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.0 via the file_download() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information."}], "title": "StoreEngine \u2013 Powerful WordPress eCommerce Plugin for Payments, Memberships, Affiliates, Sales & More <= 1.5.0 - Authenticated (Subscriber+) Arbitrary File Download", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/07b1dc05-1340-4ea3-9315-3e1ca4a0cb7f?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/storeengine/trunk/addons/csv/ajax/export.php#L47"}, {"url": "https://github.com/d0n601/CVE-2025-9215"}, {"url": "https://ryankozak.com/posts/cve-2025-9215/"}, {"url": "https://plugins.trac.wordpress.org/changeset/3360097/storeengine/trunk/addons/csv/ajax/export.php"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "cweId": "CWE-22", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "baseScore": 6.5, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Ryan Kozak"}], "timeline": [{"time": "2025-09-07T19:24:38.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2025-09-16T00:00:00.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-09-17T12:51:40.073150Z", "id": "CVE-2025-9215", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-17T12:51:48.860Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-9215", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-09-17T12:51:40.073150Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-17T12:51:44.727Z"}}], "cna": {"title": "StoreEngine \u2013 Powerful WordPress eCommerce Plugin for Payments, Memberships, Affiliates, Sales & More <= 1.5.0 - Authenticated (Subscriber+) Arbitrary File Download", "credits": [{"lang": "en", "type": "finder", "value": "Ryan Kozak"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 6.5, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N"}}], "affected": [{"vendor": "kodezen", "product": "StoreEngine \u2014 Complete eCommerce Solution with Memberships, Licensing, Affiliates & More", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.5.0"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-09-07T19:24:38.000Z", "value": "Vendor Notified"}, {"lang": "en", "time": "2025-09-16T00:00:00.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/07b1dc05-1340-4ea3-9315-3e1ca4a0cb7f?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/storeengine/trunk/addons/csv/ajax/export.php#L47"}, {"url": "https://github.com/d0n601/CVE-2025-9215"}, {"url": "https://ryankozak.com/posts/cve-2025-9215/"}, {"url": "https://plugins.trac.wordpress.org/changeset/3360097/storeengine/trunk/addons/csv/ajax/export.php"}], "descriptions": [{"lang": "en", "value": "The StoreEngine \u2013 Powerful WordPress eCommerce Plugin for Payments, Memberships, Affiliates, Sales & More plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.0 via the file_download() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:34:03.186Z"}}}, "cveMetadata": {"cveId": "CVE-2025-9215", "state": "PUBLISHED", "dateUpdated": "2026-04-08T16:34:03.186Z", "dateReserved": "2025-08-19T20:03:22.388Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-09-17T06:17:47.572Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The StoreEngine \u2013 Powerful WordPress eCommerce Plugin for Payments, Memberships, Affiliates, Sales & More plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.0 via the file_download() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information."}, {"lang": "es", "value": "El plugin StoreEngine \u2013 Powerful WordPress eCommerce Plugin for Payments, Memberships, Affiliates, Sales &amp; More para WordPress es vulnerable a salto de ruta en todas las versiones hasta la 1.5.0, inclusive, a trav\u00e9s de la funci\u00f3n file_download(). Esto hace posible que atacantes autenticados, con acceso de nivel Suscriptor y superior, lean el contenido de archivos arbitrarios en el servidor, lo que puede contener informaci\u00f3n sensible."}], "id": "CVE-2025-9215", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 3.6, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-09-17T07:15:42.280", "references": [{"source": "security@wordfence.com", "url": "https://github.com/d0n601/CVE-2025-9215"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/storeengine/trunk/addons/csv/ajax/export.php#L47"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3360097/storeengine/trunk/addons/csv/ajax/export.php"}, {"source": "security@wordfence.com", "url": "https://ryankozak.com/posts/cve-2025-9215/"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/07b1dc05-1340-4ea3-9315-3e1ca4a0cb7f?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-22T14:18:22.628072+00:00", "value": {"mitigation_remediation": ["Update the StoreEngine plugin to a version newer than 1.5.0.", "If immediate patching is not possible, restrict the plugin\u2019s file_download feature to admin users only, or remove the capability from all lower\u2011privilege accounts such as Subscribers.", "Configure web\u2011server access controls or use a reverse proxy to block path traversal requests to sensitive directories, ensuring that the plugin cannot read beyond its intended export directory."], "summary": {"action": "Apply Patch", "impact": "Authenticated arbitrary file download (Path Traversal)"}, "threat_synthesis": {"affected_systems": "The affected product is the StoreEngine plugin developed by kodezen. All released versions up to and including 1.5.0 are impacted. The issue resides in the add\u2011on CSV export path and affects any WordPress installation that has this plugin active. No specific minor revisions are listed beyond the 1.5.0 boundary.", "description_and_impact": "The vulnerability in the StoreEngine WordPress eCommerce plugin permits authenticated users with Subscriber level or higher to trigger a path traversal via the file_download() function. This flaw allows attackers to retrieve the contents of any file on the server that the web process can read. While the flaw does not directly trigger code execution, it leads to potential disclosure of sensitive configuration files or credentials, compromising the confidentiality of the site. The weakness is a straight path traversal issue (CWE-22).", "risk_and_exploitability": "The CVSS rating of 6.5 indicates a moderate severity, and the EPSS probability is below 1%, meaning exploitation is expected to be uncommon. The flaw is not listed in the CISA KEV catalog, suggesting limited known exploitation. However, the attack vector requires only a legitimate subscriber account, which is a common role in eCommerce sites. If the site stores sensitive user data or system files, the potential impact of data exposure is significant, especially in a broader supply\u2011chain context."}}}}, "created": "2026-04-22T14:30:18.954150+00:00", "updated": "2026-04-22T14:30:18.954163+00:00", "vendors": []}