BigBuy Dropshipping Connector for WooCommerce Full Path Disclosure Vulnerability

Vulnerability

A full path disclosure vulnerability has been identified in the BigBuy Dropshipping Connector for WooCommerce plugin, affecting all versions up to and including 2.0.0. The 'generate-default.php' file in the '/vendor/cocur/slugify/bin/' directory is directly accessible, and requesting it produces an error that reveals the full path of the web application. This information could assist in exploiting other vulnerabilities, but on its own it is not harmful: another vulnerability must be present for it to cause damage to the website.

Impact

Exploitation of this vulnerability allows unauthenticated attackers to access the full file path of the WordPress installation, which could be used to facilitate further attacks, especially if other vulnerabilities are present.

Remediation

Users are advised to update the BigBuy Dropshipping Connector for WooCommerce plugin to version 2.0.1 or a later patched version.
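
An added example, not part of the original advisory or the plugin's code: a log check for requests to the script path named above, useful for confirming whether an installation was probed before it was updated. It assumes access logs in Combined Log Format; the sample lines, IP addresses and the PLUGIN-DIR placeholder are constructed.

```python
import re
from urllib.parse import unquote, urlsplit

# Path suffix named in the advisory; the plugin directory in front of it is not assumed.
TARGET_SUFFIX = "/vendor/cocur/slugify/bin/generate-default.php"

# Combined Log Format: ip ident user [time] "METHOD target PROTO" status size ...
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

def normalize_path(target):
    """Drop the query string, percent-decode, collapse slashes, lowercase."""
    path = unquote(urlsplit(target).path)
    return re.sub(r"/{2,}", "/", path).lower()

def find_probes(lines):
    """Return (ip, timestamp, status, reached_script) per request to the script."""
    hits = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in Combined Log Format
        if normalize_path(m["target"]).endswith(TARGET_SUFFIX):
            status = int(m["status"])
            # Assumption: 2xx/5xx means the request reached the script rather
            # than being blocked (403) or missing (404), so the error may have been served.
            reached = 200 <= status < 300 or status >= 500
            hits.append((m["ip"], m["ts"], status, reached))
    return hits

# Constructed sample log lines (documentation IPs, placeholder plugin directory).
SAMPLE_LOG = [
    '203.0.113.7 - - [09/Jun/2025:19:50:01 +0000] "GET /wp-content/plugins/PLUGIN-DIR/vendor/cocur/slugify/bin/generate-default.php HTTP/1.1" 200 412 "-" "curl/8.0"',
    '203.0.113.7 - - [09/Jun/2025:19:50:03 +0000] "GET /wp-content/plugins/PLUGIN-DIR/vendor/cocur/slugify/bin/generate-default%2Ephp?x=1 HTTP/1.1" 500 0 "-" "curl/8.0"',
    '198.51.100.4 - - [09/Jun/2025:19:51:10 +0000] "GET /wp-content/plugins/PLUGIN-DIR//vendor/cocur/slugify/bin/generate-default.php HTTP/1.1" 403 153 "-" "-"',
    '198.51.100.9 - - [09/Jun/2025:19:52:00 +0000] "GET /shop/?s=generate-default.php HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, ts, status, reached in find_probes(SAMPLE_LOG):
        print(f"{ts} {ip} status={status} reached_script={reached}")
```

Requests flagged with reached_script=True on a version up to 2.0.0 are the ones worth reviewing, since the response may have contained the installation path.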

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 2.2
impact: 0.6
exploitability: 8.2
remediation: 7.7
relevance: 0.0
threat: 3.2
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.