Platform: wordpress
Component: woosa-ai-for-woocommerce
Fixed in: 1.3.1
CVE-2025-14301 is a critical Path Traversal vulnerability discovered in the Integration Opvius AI for WooCommerce plugin for WordPress. This flaw allows unauthenticated attackers to manipulate file paths, potentially leading to unauthorized file access and deletion. The vulnerability affects versions 0.0.0 through 1.3.0, and a patch is expected to be released by the vendor.
The impact of CVE-2025-14301 is severe. An attacker can leverage the process_table_bulk_actions() function to delete or download arbitrary files on the WordPress server. This includes critical system files like wp-config.php, which contains database credentials and other sensitive configuration information. Successful exploitation could lead to complete server compromise, data exfiltration, and denial of service. The lack of authentication checks and proper path validation makes this vulnerability particularly dangerous, as any unauthenticated user can trigger it by crafting a malicious POST request.
This vulnerability is considered high risk due to its critical CVSS score and the ease of exploitation. Public proof-of-concept code is likely to emerge quickly, increasing the risk of widespread exploitation. The vulnerability was publicly disclosed on 2026-01-14. Monitor security advisories and vulnerability databases for updates and potential exploitation campaigns.
WordPress websites utilizing the Integration Opvius AI for WooCommerce plugin, particularly those running vulnerable versions (0.0.0–1.3.0), are at significant risk. Shared hosting environments where multiple websites share the same server resources are especially vulnerable, as a compromise of one site could potentially impact others.
• wordpress / composer / npm:
grep -rF 'wsaw-log[]' /var/www/html/wp-content/plugins/integration-opvius-ai-for-woocommerce/
• generic web:
curl -I 'https://your-wordpress-site.com/wp-admin/admin-ajax.php?action=process_table_bulk_actions&wsaw-log%5B%5D=../../../../wp-config.php' # Check for 200 OK response indicating successful file access
Exploit status
EPSS
0.08% (24th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-14301 is to immediately upgrade the Integration Opvius AI for WooCommerce plugin to a patched version as soon as it becomes available. Until a patch is released, consider temporarily disabling the plugin to prevent exploitation. As a short-term workaround, implement strict file permissions on the WordPress server to limit the impact of potential file deletion. Review web server access logs for suspicious POST requests containing the wsaw-log[] parameter. After upgrading, verify the integrity of critical WordPress files, such as wp-config.php, to ensure they haven't been tampered with.
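The log review suggested above, as an added example (not code from the advisory or the plugin): it scans access-log lines for the wsaw-log[] parameter in the query string and marks values that climb out of a directory. The common/combined log format, the sample lines and the verdict labels are assumptions.

```python
import re
from urllib.parse import parse_qsl, unquote_plus, urlsplit

# Common/combined access log: ip - user [time] "METHOD target PROTO" status ...
LINE_RE = re.compile(r'^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+)[^"]*" (\d{3})')
PARAM = "wsaw-log"  # parameter named in the advisory, sent as wsaw-log[]

def fully_decode(value, rounds=3):
    """Undo nested percent-encoding a bounded number of times."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(value):
    """True if the value climbs out of a directory or is an absolute path."""
    v = fully_decode(value).replace("\\", "/")
    return v.startswith("/") or ".." in v.split("/")

def scan(lines):
    """Return one finding per wsaw-log[] value seen in a request's query string."""
    findings = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m:
            continue  # not an access-log line we understand
        ip, when, method, target, status = m.groups()
        for key, value in parse_qsl(urlsplit(target).query, keep_blank_values=True):
            if key.split("[")[0] != PARAM:
                continue
            verdict = "traversal" if is_traversal(value) else "review"
            findings.append((ip, when, method, int(status), fully_decode(value), verdict))
    return findings

# Constructed sample lines (documentation IP ranges, made-up timestamps and values).
SAMPLE = [
    '203.0.113.7 - - [14/Jan/2026:10:02:11 +0000] "POST /wp-admin/admin-ajax.php'
    '?action=process_table_bulk_actions&wsaw-log%5B%5D=../../../../wp-config.php HTTP/1.1" 200 512',
    '203.0.113.7 - - [14/Jan/2026:10:02:15 +0000] "GET /wp-admin/admin-ajax.php'
    '?action=process_table_bulk_actions&wsaw-log%5B%5D=..%2F..%2Fwp-config.php HTTP/1.1" 200 0',
    '198.51.100.20 - - [14/Jan/2026:10:05:40 +0000] "POST /wp-admin/admin-ajax.php'
    '?action=process_table_bulk_actions&wsaw-log%5B%5D=example.log HTTP/1.1" 200 88',
    '198.51.100.20 - - [14/Jan/2026:10:06:01 +0000] "GET /shop/?orderby=price HTTP/1.1" 200 9000',
]

if __name__ == "__main__":
    print(*scan(SAMPLE), sep="\n")
```

Standard access logs do not record POST bodies, so a wsaw-log[] value sent in the request body will not appear in them; covering that case needs request-body logging or WAF logs.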
No known patch available. Please review the vulnerability's details in depth and employ mitigations based on your organization's risk tolerance. It may be best to uninstall the affected software and find a replacement.
CVE-2025-14301 is a critical Path Traversal vulnerability affecting versions 0.0.0–1.3.0 of the Integration Opvius AI for WooCommerce plugin, allowing attackers to access or delete files.
If you are using Opvius AI for WooCommerce versions 0.0.0 through 1.3.0, you are potentially affected and should upgrade immediately.
Upgrade to the latest version of the Integration Opvius AI for WooCommerce plugin as soon as a patched version is released. Temporarily disable the plugin if an upgrade is not immediately available.
While active exploitation is not yet confirmed, the vulnerability's critical severity and ease of exploitation suggest it is likely to be targeted soon.
Refer to the Opvius AI website and WordPress plugin repository for official advisories and updates regarding CVE-2025-14301.