CVE-2025-1769

Summary

CVE-2025-1769: The WooCommerce Import Export Product CSV Suite plugin for WordPress, versions up to 2.5.0, has a Directory Traversal vulnerability. This issue allows authenticated attackers with Administrator-level access to read arbitrary log files on the server via the download_file() function. The potentially sensitive information contained in these log files poses a security risk. This vulnerability, identified as CVE-2025-1769, exists in the WooCommerce Import Export Product CSV Suite plugin, affecting all versions up to and including 2.5.0. Authenticated attackers with Administrator-level access can exploit the download_file() function to traverse directories and access arbitrary log files on the server. The exposure of log file contents, which may contain sensitive information, represents a security risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.