๐Ÿ” CVE Alert

CVE-2026-25328

MEDIUM 6.8

WordPress Product File Upload for WooCommerce plugin <= 2.2.4 - Arbitrary File Deletion vulnerability

CVSS Score
6.8
EPSS Score
0.0%
EPSS Percentile
7th

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in add-ons.org Product File Upload for WooCommerce products-file-upload-for-woocommerce allows Path Traversal.This issue affects Product File Upload for WooCommerce: from n/a through <= 2.2.4.

CWE CWE-22
Vendor add-ons.org
Product product file upload for woocommerce
Published Mar 25, 2026
Last Updated Mar 26, 2026
Stay Ahead of the Next One

Get instant alerts for add-ons.org product file upload for woocommerce

Be the first to know when new medium vulnerabilities affecting add-ons.org product file upload for woocommerce are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

add-ons.org / Product File Upload for WooCommerce
n/a โ‰ค <= 2.2.4

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
patchstack.com: https://patchstack.com/database/Wordpress/Plugin/products-file-upload-for-woocommerce/vulnerability/wordpress-product-file-upload-for-woocommerce-plugin-2-2-4-arbitrary-file-deletion-vulnerability?_s_id=cve

Credits

Denver Jackson | Patchstack Bug Bounty Program