The WooCommerce plugin through 3.x for WordPress has a Directory Traversal Vulnerability via a /wp-content/plugins/woocommerce/templates/emails/plain/ URI, which accesses a parent directory.
This "CVE-2017-17058" is very vague, and looking for the code, it's not possible a Directory Traversal Attack, since we stop all direct access in all template files with:
Hi there!
A user brings this to our attention: https://nvd.nist.gov/vuln/detail/CVE-2017-17058
Allegedly, "When you dork with this,it will generate juciy information in parent
directory , for best practice filter according to the country."
The text was updated successfully, but these errors were encountered: