CVE-2025-26933
CVE-2025-26933
Título es
CVE-2025-26933
Lun, 10/03/2025 – 15:15
Tipo
CWE-98
Gravedad 2.0 Txt
Pendiente de análisis
Título en
CVE-2025-26933
Descripción en
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Nitin Prakash WC Place Order Without Payment allows PHP Local File Inclusion. This issue affects WC Place Order Without Payment: from n/a through 2.6.7.
10/03/2025
10/03/2025
Vector CVSS:3.1
CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H
Gravedad 3.1 (CVSS 3.1 Base Score)
7.50
Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
HIGH
Referencias
https://patchstack.com/database/wordpress/plugin/wc-place-order-without-payment/vulnerability/wordpress-place-order-without-payment-for-woocommerce-plugin-2-6-7-local-file-inclusion-vulnerability?_s_id=cve
Enviar en el boletín
Off
