Order Attachments for WooCommerce Sensitive Information Exposure Vulnerability

Vulnerability

A sensitive information exposure vulnerability has been identified in the Order Attachments for WooCommerce plugin for WordPress. It affects all versions through 2.5.1 and stems from how the plugin handles file attachments related to orders: private attachments associated with customer orders are stored in the 'uploads' directory (specifically under '/wp-content/uploads'), where unauthenticated attackers can access them.

Impact

Exploitation of this vulnerability could lead to unauthorized access to sensitive information, including private file attachments from customer orders.

Reproduction

The vulnerability can be reproduced by accessing the '/wp-content/uploads' directory on a WordPress site running a vulnerable version of the Order Attachments for WooCommerce plugin; unauthenticated users can retrieve sensitive data from it, such as file attachments added to orders.

Remediation

Users are advised to update the Order Attachments for WooCommerce plugin to the latest version.
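To illustrate the class of defect independently of how the vendor patched it, the following is an added example (not the plugin's or the advisory's code) of a WordPress REST download handler that performs the ownership check the directly reachable uploads directory lacks. The route name, the "private-order-attachments" subfolder, the "_order_attachment" meta key and the function names are assumptions for the example.

```php
<?php
// Added example, not the plugin's code: serve order attachments through an
// access-checked endpoint instead of leaving them directly readable under
// /wp-content/uploads. Assumes (hypothetical) that files sit in the upload
// basedir subfolder "private-order-attachments", that a web-server rule
// denies direct requests to that folder, and that the file name is kept in
// order meta "_order_attachment".

add_action('rest_api_init', function () {
    register_rest_route('order-attachments/v1', '/download/(?P<order_id>\d+)', [
        'methods'             => 'GET',
        'callback'            => 'oa_example_download_attachment',
        'permission_callback' => 'oa_example_can_view_order',
        'args'                => ['order_id' => ['sanitize_callback' => 'absint']],
    ]);
});

// Shop managers, or the customer who owns the order; anyone else (including
// anonymous requests) is rejected before the file is touched.
function oa_example_can_view_order(WP_REST_Request $request) {
    if (!is_user_logged_in()) {
        return new WP_Error('rest_forbidden', 'Authentication required.', ['status' => 401]);
    }
    if (current_user_can('manage_woocommerce')) {
        return true;
    }
    $order = wc_get_order((int) $request['order_id']);
    return $order && (int) $order->get_user_id() === get_current_user_id();
}

function oa_example_download_attachment(WP_REST_Request $request) {
    $order = wc_get_order((int) $request['order_id']);
    $name  = $order ? (string) $order->get_meta('_order_attachment') : '';
    $base  = realpath(wp_upload_dir()['basedir'] . '/private-order-attachments');
    $path  = ($name !== '' && basename($name) === $name) ? realpath($base . '/' . $name) : false;
    // Refuse stored names that contain path components or resolve outside $base.
    if ($base === false || $path === false || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return new WP_Error('not_found', 'No attachment.', ['status' => 404]);
    }
    header('Content-Type: application/octet-stream');
    header('Content-Disposition: attachment; filename="' . rawurlencode($name) . '"');
    header('Content-Length: ' . filesize($path));
    readfile($path);
    exit;
}
```

The permission callback fails closed for anonymous requests, which is the control missing when attachments are fetched straight from the uploads folder; the web-server deny rule on the subfolder is still required so the handler is the only way to reach the files.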

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 3.4
impact: 2.5
exploitability: 8.6
remediation: 0.0
relevance: 0.0
threat: 4.8
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.