Security Advisory

CVE-2025-10162

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-10-07 06:00:04

Last updated 2025-10-07 14:14:40

Assigner WPScan

State PUBLISHED

Description

The Admin and Customer Messages After Order for WooCommerce: OrderConvo WordPress plugin before 14 does not validate the path of files to be downloaded, which could allow unauthenticated attacker to read/download arbitrary files via a path traversal attack

← Browse all CVEs View on cve.org ↗