YML for Yandex Market Path Traversal Vulnerability Allowing Arbitrary File Deletion

Vulnerability

A path traversal vulnerability has been identified in the YML for Yandex Market WordPress plugin, affecting versions prior to 5.3.0. The plugin does not properly limit a pathname, which could be exploited to delete arbitrary files from the website. Such file deletion could disrupt the site's functionality, especially if core files are removed.

Impact

Exploitation of this vulnerability could lead to arbitrary file deletion on the affected WordPress site. This could cause significant disruption, particularly if essential core files are deleted, potentially breaking the site's functionality.

Remediation

Users of the YML for Yandex Market WordPress plugin should update to version 5.3.0 or later. Patchstack users can enable auto-update for vulnerable plugins.

Added: Mar 25, 2026, 5:36 PM
Updated: Mar 25, 2026, 5:36 PM

Vulnerability Rating

Custom Algorithm

spread: 1.0
impact: 3.3
exploitability: 5.4
remediation: 7.9
relevance: 4.7
threat: 0.0
urgency: 2.9
incentive: 0.0

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.