免费扫描

此页面尚未翻译为您的语言。我们正在努力翻译,目前显示英文内容。

💡 Keep dependencies up to date — most exploits target known, patchable vulnerabilities.

CRITICALCVE-2025-47641CVSS 10

CVE-2025-47641: Arbitrary File Access in Printcart WooCommerce Designer

平台

wordpress

组件

printcart-integration

修复版本

2.3.10

在NVD查看
保存
正在翻译为您的语言…

CVE-2025-47641 describes an Arbitrary File Access vulnerability discovered in the Printcart Web to Print Product Designer for WooCommerce plugin. This flaw allows attackers to upload files of any type, including malicious web shells, to the web server. Versions 0.0.0 through 2.3.9 are affected, and a fix is available in version 2.3.10, released on an unspecified date.

WordPress

检测此 CVE 是否影响你的项目

上传你的依赖文件,立即了解此CVE和其他CVE是否影响你。

免费扫描

影响与攻击场景翻译中…

The primary impact of this vulnerability is the ability for an attacker to upload arbitrary files to the web server. This includes web shells, which can grant the attacker remote code execution (RCE) and complete control over the compromised server. Successful exploitation could lead to data breaches, defacement of the website, installation of malware, and lateral movement within the network. The unrestricted nature of the upload makes this a particularly dangerous vulnerability, as attackers are not limited in the type of malicious payload they can deploy. The potential for RCE significantly expands the blast radius, potentially impacting any systems accessible from the compromised web server.

利用背景翻译中…

The vulnerability's severity (CVSS 10) indicates a high probability of exploitation. Public proof-of-concept (POC) code is likely to emerge given the ease of exploitation. As of the publication date (2025-05-23), there is no indication of active exploitation campaigns, but the vulnerability's ease of exploitation suggests it will be actively targeted. Monitor security advisories and threat intelligence feeds for updates.

威胁情报

漏洞利用状态

概念验证未知
CISA KEVNO
互联网暴露

EPSS

0.41% (61% 百分位)

CISA SSVC

利用情况none
可自动化yes
技术影响total

CVSS 向量

威胁情报· CVSS 3.1CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H10.0CRITICALAttack VectorNetwork攻击者如何到达目标Attack ComplexityLow利用漏洞所需的条件Privileges RequiredNone攻击所需的认证级别User InteractionNone是否需要受害者采取行动ScopeChanged超出受影响组件的影响范围ConfidentialityHigh敏感数据泄露风险IntegrityHigh数据未授权篡改风险AvailabilityHigh服务中断风险nextguardhq.com · CVSS v3.1 基础分数
这些指标意味着什么?
Attack Vector
网络 — 可通过互联网远程利用,无需物理或本地访问。攻击面最大。
Attack Complexity
低 — 无需特殊条件,可以稳定地利用漏洞。
Privileges Required
无 — 无需认证,无需凭证即可利用。
User Interaction
无 — 攻击自动且无声,受害者无需任何操作。
Scope
已改变 — 攻击可以超出脆弱组件,影响其他系统。
Confidentiality
高 — 完全丧失机密性,攻击者可读取所有数据。
Integrity
高 — 攻击者可写入、修改或删除任何数据。
Availability
高 — 完全崩溃或资源耗尽,完全拒绝服务。

受影响的软件

组件printcart-integration
供应商printcart
最低版本0.0.0
最高版本2.3.9
修复版本2.3.10

弱点分类 (CWE)

CWE-434

时间线

  1. 已保留
  2. 发布日期
  3. 修改日期
  4. EPSS 更新日期

缓解措施和替代方案翻译中…

The primary mitigation for CVE-2025-47641 is to immediately upgrade the Printcart Web to Print Product Designer for WooCommerce plugin to version 2.3.10 or later. If upgrading is not immediately feasible due to compatibility issues or testing requirements, consider implementing temporary workarounds. These might include restricting file uploads to specific, safe file types using server-side configuration (e.g., .jpg, .png) and implementing strict file size limits. Web Application Firewalls (WAFs) can be configured to block suspicious file uploads based on file type or content. After upgrading, verify the fix by attempting to upload a test file with a dangerous extension (e.g., .php) to confirm that the upload is blocked.

修复方法翻译中…

Actualice el plugin Printcart Web to Print Product Designer for WooCommerce a la versión 2.3.10 o superior para solucionar la vulnerabilidad de subida arbitraria de archivos. Esta actualización corrige la falta de validación de los tipos de archivo permitidos, lo que permite a los atacantes subir archivos maliciosos, incluyendo webshells, al servidor.

常见问题翻译中…

What is CVE-2025-47641 — Arbitrary File Access in Printcart WooCommerce Designer?

CVE-2025-47641 is a critical vulnerability in Printcart Web to Print Product Designer for WooCommerce allowing attackers to upload arbitrary files, potentially leading to server compromise. It affects versions 0.0.0–2.3.9 and has a CVSS score of 10.

Am I affected by CVE-2025-47641 in Printcart WooCommerce Designer?

You are affected if you are using Printcart Web to Print Product Designer for WooCommerce versions 0.0.0 through 2.3.9. Immediately check your plugin version and upgrade if necessary.

How do I fix CVE-2025-47641 in Printcart WooCommerce Designer?

Upgrade the Printcart Web to Print Product Designer for WooCommerce plugin to version 2.3.10 or later. If immediate upgrade is not possible, implement temporary workarounds like restricting file types and using a WAF.

Is CVE-2025-47641 being actively exploited?

While there's no confirmed active exploitation at this time, the vulnerability's ease of exploitation suggests it will likely be targeted. Monitor security advisories and threat intelligence.

Where can I find the official Printcart advisory for CVE-2025-47641?

Refer to the Printcart website and their official security advisory page for the most up-to-date information regarding CVE-2025-47641 and the available fix. Check their support forums and documentation as well.

你的项目受影响吗?

上传你的依赖文件,立即了解此CVE和其他CVE是否影响你。

免费扫描搜索 CVE
WordPress

检测此 CVE 是否影响你的项目

上传你的依赖文件,立即了解此CVE和其他CVE是否影响你。

免费扫描
live免费扫描

立即扫描您的WordPress项目 — 无需账户

上传任何清单文件 (composer.lock, package-lock.json, WordPress 插件列表…) 或粘贴您的组件列表。您立即获得一份漏洞报告。上传文件只是开始:拥有账户后,您将获得持续监控、Slack/电子邮件警报、多项目和白标报告。

手动扫描Slack/邮件提醒持续监控白标报告

拖放您的依赖文件

composer.lock、package-lock.json、requirements.txt、Gemfile.lock、pubspec.lock、Dockerfile...