Primary

Context

WooODT Lite Full Path Disclosure Vulnerability

Vulnerability

A full path disclosure vulnerability exists in the WooODT Lite – Delivery & Pickup Date Time Location for WooCommerce plugin for WordPress, affecting all versions through 2.5.1. The vulnerability arises because the 'bycwooodt_get_all_orders.php' file is publicly accessible and can generate error messages visible to users. This exposure allows unauthenticated attackers to retrieve the full path of the web application, potentially aiding in the exploitation of other vulnerabilities. While the disclosed information alone is not harmful, it could be used in conjunction with another vulnerability to compromise an affected website.

Impact

Exploitation of this vulnerability allows for full path disclosure, which could assist in exploiting other vulnerabilities on the site.

Remediation

Users are advised to update the WooODT Lite – Delivery & Pickup Date Time Location for WooCommerce plugin to version 2.5.2 or a newer patched version.

Added: Jun 9, 2025, 7:46 PM

Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

8.1

remediation

7.7

relevance

0.0

threat

3.2

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

8.1

remediation

7.7

relevance

0.0

threat

3.2

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

WooODT Lite Full Path Disclosure Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating