Skip to content

Does WC have a directory transversal vulnerability?  #17964

Closed
@dsmithweb

Description

@dsmithweb

Hi there!

A user brings this to our attention: https://nvd.nist.gov/vuln/detail/CVE-2017-17058

The WooCommerce plugin through 3.x for WordPress has a Directory Traversal Vulnerability via a /wp-content/plugins/woocommerce/templates/emails/plain/ URI, which accesses a parent directory.

Allegedly, "When you dork with this,it will generate juciy information in parent
directory , for best practice filter according to the country
."

Metadata

Metadata

Assignees

No one assigned

    Labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions