Platform: wordpress
Component: extendons-eo-wooimport-export
Fixed in: 2.0.7
CVE-2025-54029 is an Arbitrary File Access vulnerability affecting the WooCommerce CSV Import Export plugin. This vulnerability allows attackers to potentially read sensitive files on the server. It impacts versions 0.0.0 through 2.0.6 of the plugin, and a fix is available in version 2.0.7.
The Arbitrary File Access vulnerability allows an attacker to bypass intended access restrictions and read files that they should not have access to. This could include configuration files containing database credentials, private keys, or other sensitive information. Successful exploitation could lead to data breaches, compromise of the WordPress installation, and potentially further lateral movement within the network if the server has access to other resources. The impact is amplified if the server hosts other sensitive applications or data.
CVE-2025-54029 was publicly disclosed on 2025-08-28. There are currently no known public exploits or active campaigns targeting this vulnerability. The vulnerability is not listed on the CISA KEV catalog. The ease of exploitation is relatively high due to the path traversal nature of the vulnerability, but the lack of public exploits suggests limited current exploitation activity.
WordPress websites using the WooCommerce CSV Import Export plugin, particularly those running older versions (0.0.0–2.0.6), are at risk. Shared hosting environments where multiple WordPress installations share the same server are also at increased risk, as a compromise of one site could potentially expose files on other sites.
• wordpress / composer / npm:
grep -r "../" /var/www/html/wp-content/plugins/extendons-eo-wooimport-export/*
• generic web:
curl -I 'https://your-wordpress-site.com/wp-content/plugins/extendons-eo-wooimport-export/../../../../etc/passwd' # Check for file access disclosure
Exploit status
EPSS: 0.06% (18th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-54029 is to immediately upgrade the WooCommerce CSV Import Export plugin to version 2.0.7 or later. If upgrading is not immediately feasible due to compatibility issues or testing requirements, consider implementing a Web Application Firewall (WAF) rule to block requests containing path traversal sequences (e.g., ../). Carefully review file permissions on the server to ensure that only necessary files are readable by the web server user. Monitor web server access logs for suspicious requests containing path traversal attempts.
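The log-monitoring step above is easier to act on with a concrete check. The following is an added example (not code from the advisory or from the plugin vendor): it parses Apache/Nginx "combined" access-log lines, percent-decodes the request target (including double encoding), and flags requests aimed at the plugin directory that carry a `..` segment in the path or query string or whose path normalizes to a location outside the plugin directory. The plugin path is the one named in the advisory; the log lines embedded at the bottom are constructed samples, not real traffic. The same `is_traversal_attempt` predicate expresses the WAF rule the advisory recommends.

```python
"""Flag path-traversal attempts against the plugin directory in web server access logs.

Added example, not code from the advisory or from the plugin vendor. It assumes
Apache/Nginx "combined" log format and the plugin path named in the advisory; the
sample log lines at the bottom are constructed, not real traffic.
"""
import posixpath
import re
from urllib.parse import unquote

PLUGIN_PATH = "/wp-content/plugins/extendons-eo-wooimport-export/"

# combined format: ip ident user [time] "METHOD target PROTO" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+)[^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)


def decode_target(target: str) -> str:
    """Percent-decode the request target until it stops changing (bounded, so
    double encoding such as %252e%252e%252f is unwrapped) and fold backslashes."""
    for _ in range(3):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target.replace("\\", "/")


def is_traversal_attempt(target: str, base: str = PLUGIN_PATH) -> bool:
    """True if the request is aimed at the plugin directory and carries a '..'
    segment in its path or query string, or if its path normalizes to a
    location outside the plugin directory."""
    full = decode_target(target)
    path = full.split("?", 1)[0]
    if not path.startswith(base):
        return False  # out of scope for this advisory; other plugins are not checked here
    # '..' as a whole token, splitting on path and query-string delimiters
    if ".." in re.split(r"[/?=&]", full):
        return True
    # belt and braces: does the normalized path still sit under the plugin dir?
    return not posixpath.normpath(path).startswith(base.rstrip("/"))


def scan_log(lines):
    """Return (ip, method, target, status) for every parsable line that looks
    like a traversal attempt against the plugin; unparsable lines are skipped."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_traversal_attempt(m["target"]):
            hits.append((m["ip"], m["method"], m["target"], int(m["status"])))
    return hits


# Constructed sample lines (RFC 5737 documentation addresses), not real traffic.
SAMPLE_LOG = [
    '203.0.113.10 - - [28/Aug/2025:10:00:01 +0000] "GET /wp-content/plugins/extendons-eo-wooimport-export/assets/admin.js HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.11 - - [28/Aug/2025:10:00:02 +0000] "GET /wp-content/plugins/extendons-eo-wooimport-export/../../../../etc/passwd HTTP/1.1" 200 1024 "-" "curl/8.0"',
    '203.0.113.12 - - [28/Aug/2025:10:00:03 +0000] "GET /wp-content/plugins/extendons-eo-wooimport-export/export.php?file=..%2F..%2Fwp-config.php HTTP/1.1" 403 0 "-" "python-requests/2.31"',
    '203.0.113.13 - - [28/Aug/2025:10:00:04 +0000] "GET /wp-content/plugins/extendons-eo-wooimport-export/%252e%252e%252f%252e%252e%252fwp-config.php HTTP/1.1" 404 0 "-" "curl/8.0"',
    '203.0.113.14 - - [28/Aug/2025:10:00:05 +0000] "GET /wp-content/plugins/some-other-plugin/../../../etc/passwd HTTP/1.1" 404 0 "-" "curl/8.0"',
    'garbage line that does not parse',
]

if __name__ == "__main__":
    for ip, method, target, status in scan_log(SAMPLE_LOG):
        print(f"{ip} {method} {target} -> {status}")
```

Run against the sample, three of the six lines are flagged (the plain `../` path, the encoded query-string value, and the double-encoded path); the request against a different plugin is deliberately left alone because the check is scoped to this advisory. When reviewing real logs, a flagged request that returned 200 on a version at or below 2.0.6 is the one to treat as a likely successful read; 403 and 404 responses indicate the WAF or file layout stopped the attempt.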
Update the WooCommerce CSV Import Export plugin to a fixed version. Check the developer's website or the WordPress repository for the latest available version. Make sure to take a full backup of the site before updating any plugin.
CVE-2025-54029 is a vulnerability in WooCommerce CSV Import Export allowing attackers to read files outside the intended directory. It affects versions 0.0.0–2.0.6 and has a CVSS score of 7.7 (HIGH).
You are affected if you are using WooCommerce CSV Import Export version 0.0.0 through 2.0.6. Check your plugin version and upgrade immediately if necessary.
Upgrade the WooCommerce CSV Import Export plugin to version 2.0.7 or later. If immediate upgrade is not possible, implement WAF rules to block path traversal attempts.
As of 2025-08-28, there are no confirmed reports of active exploitation, but the vulnerability's potential impact warrants monitoring.
Refer to the extendons website and WordPress plugin repository for the latest updates and security advisories related to WooCommerce CSV Import Export.