Platform: wordpress
Component: opal-woo-custom-product-variation
Fixed in: 1.2.1
CVE-2025-47535 describes an Arbitrary File Access vulnerability within the Opal Woo Custom Product Variation plugin for WordPress. This flaw allows attackers to potentially read sensitive files on the server by manipulating file paths. Versions of the plugin from 0.0 up to and including 1.2.0 are affected. A patch has been released in version 1.2.1.
The Arbitrary File Access vulnerability allows an attacker to bypass intended access restrictions and read arbitrary files on the server hosting the WordPress site. This could expose sensitive data such as configuration files, database credentials, or even source code. Successful exploitation could lead to complete compromise of the web server and its data. The impact is amplified if the server hosts other sensitive applications or data. While the vulnerability requires path traversal manipulation, the potential for data exposure is significant.
CVE-2025-47535 was publicly disclosed on 2025-05-23. There is no indication of this vulnerability being actively exploited at this time. The vulnerability's ease of exploitation and potential impact warrant close monitoring. It is not currently listed in CISA's Known Exploited Vulnerabilities (KEV) catalog.
WordPress websites using the Opal Woo Custom Product Variation plugin, particularly those running older versions (0.0 - 1.2.0), are at risk. Shared hosting environments are especially vulnerable, as a compromise of one website can potentially affect others on the same server. Sites with weak file permissions or inadequate WAF protection are also at increased risk.
• wordpress / composer / npm:
grep -rnF '../' /var/www/html/wp-content/plugins/opal-woo-custom-product-variation/  # -F matches the literal string; without it '../' is a regex matching any two characters before a slash
• generic web:
curl -I 'https://your-wordpress-site.com/wp-content/plugins/opal-woo-custom-product-variation/../../../../etc/passwd'  # Check your own site for file disclosure
Exploit status
EPSS: 0.38% (59th percentile)
CISA SSVC:
CVSS vector:
The primary mitigation for CVE-2025-47535 is to immediately upgrade the Opal Woo Custom Product Variation plugin to version 1.2.1 or later. If upgrading is not immediately possible due to compatibility issues or breaking changes, consider implementing a Web Application Firewall (WAF) rule to block requests containing path traversal sequences (e.g., ../). Restrict file permissions on sensitive files to prevent unauthorized access. Regularly scan the WordPress installation for vulnerabilities using a security plugin.
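As an added example (not from the advisory and not the plugin's own code), a defensive log check that implements the WAF-style mitigation above as detection: it flags requests to the plugin directory whose target still contains a traversal sequence after repeated percent-decoding, which a plain string match on "../" would miss for encoded or double-encoded requests. The access-log lines are constructed, and the "?path=" endpoint in them is a placeholder, not the plugin's real entry point.

```python
import re
from urllib.parse import unquote

# Plugin directory named in the advisory; requests elsewhere are ignored.
PLUGIN_PATH = "/wp-content/plugins/opal-woo-custom-product-variation/"

# Constructed Apache/nginx "combined" log lines (not real traffic).
# "PLACEHOLDER.php?path=" is an assumed endpoint name, not the plugin's.
SAMPLE_LOG = """\
203.0.113.5 - - [23/May/2025:10:01:02 +0000] "GET /wp-content/plugins/opal-woo-custom-product-variation/assets/style.css HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.9 - - [23/May/2025:10:01:07 +0000] "GET /wp-content/plugins/opal-woo-custom-product-variation/../../../../etc/passwd HTTP/1.1" 403 0 "-" "curl/8.0"
203.0.113.9 - - [23/May/2025:10:01:09 +0000] "GET /wp-content/plugins/opal-woo-custom-product-variation/PLACEHOLDER.php?path=..%2F..%2Fwp-config.php HTTP/1.1" 200 2048 "-" "curl/8.0"
198.51.100.2 - - [23/May/2025:10:02:00 +0000] "GET /wp-content/plugins/opal-woo-custom-product-variation/PLACEHOLDER.php?path=%252e%252e/wp-config.php HTTP/1.1" 200 2048 "-" "python-requests/2.31"
198.51.100.7 - - [23/May/2025:10:03:00 +0000] "GET /index.php HTTP/1.1" 200 9000 "-" "Mozilla/5.0"
"""

# Fields we need from a combined-format line: client IP, request target, status.
LOG_RE = re.compile(r'^(?P<ip>\S+) \S+ \S+ \[[^\]]+\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})')
# ".." followed by a separator, not preceded by a name character (so "foo../" is not flagged).
TRAVERSAL_RE = re.compile(r'(?:^|[^A-Za-z0-9.])\.\.(?:[/\\]|$)')

def normalize(target: str, rounds: int = 3) -> str:
    """Percent-decode until stable (catches %252e double encoding), unify slashes."""
    prev = None
    for _ in range(rounds):
        if target == prev:
            break
        prev, target = target, unquote(target)
    return target.replace("\\", "/")

def is_traversal_attempt(target: str) -> bool:
    """True if the decoded target hits the plugin directory and carries '..' traversal."""
    decoded = normalize(target)
    return decoded.startswith(PLUGIN_PATH) and TRAVERSAL_RE.search(decoded) is not None

def scan_log(text: str) -> list:
    """Return one record per suspicious request; 'served' marks a 200 that needs triage."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m and is_traversal_attempt(m["target"]):
            hits.append({"ip": m["ip"], "target": m["target"],
                         "status": int(m["status"]), "served": m["status"] == "200"})
    return hits

if __name__ == "__main__":
    for h in scan_log(SAMPLE_LOG):
        print(h["ip"], h["status"], "SERVED" if h["served"] else "blocked", h["target"])
```

A hit with status 200 on an unpatched version is the case to investigate; a 403 shows the WAF rule firing.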
Update the Opal Woo Custom Product Variation plugin to the latest available version to mitigate the path traversal vulnerability. Check for available updates in the WordPress repository or on the developer's website. Make sure to take a full backup of the site before applying any update.
CVE-2025-47535 is a HIGH severity vulnerability allowing attackers to read files outside the intended directory in the Opal Woo Custom Product Variation plugin. It affects versions 0.0 through 1.2.0.
If you are using Opal Woo Custom Product Variation version 0.0 - 1.2.0 on your WordPress site, you are potentially affected by this vulnerability.
Upgrade the Opal Woo Custom Product Variation plugin to version 1.2.1 or later to resolve this vulnerability. Consider temporary restrictions or WAF rules if immediate upgrade is not possible.
There is currently no confirmed active exploitation of CVE-2025-47535, but the vulnerability's nature makes it a potential target.
Please refer to the official Opal Woo Custom Product Variation website or WordPress plugin repository for the latest advisory and update information.