cleantalk
Vulnerabilities and Security Researches

Admin and Customer Messages After Order for WooCommerce: OrderConvo, CVE-2025-10162

CVE, Research URL

CVE-2025-10162

Home page URL

Security reports for Admin and Customer Messages After Order for WooCommerce: OrderConvo

Application

Admin and Customer Messages After Order for WooCommerce: OrderConvo

Published on
Oct 07, 2025
Research Description
The Admin and Customer Messages After Order for WooCommerce: OrderConvo WordPress plugin before 14 does not validate the path of files to be downloaded, which could allow unauthenticated attacker to read/download arbitrary files via a path traversal attack
Affected versions
max 14.
Status
vulnerable
Previous vulnerability researches
Admin and Customer Messages After Order for WooCommerce: OrderConvo (CVE-2024-13355) , Jan 17, 2025
Admin and Customer Messages After Order for WooCommerce: OrderConvo (CVE-2024-33566) , Jun 07, 2024
Admin and Customer Messages After Order for WooCommerce: OrderConvo (CVE-2025-10162) , Nov 10, 2025
New vulnerability
CoSchedule (CVE-2025-49913) , Nov 11, 2025
Simple Finance Calculator (CVE-2025-60246) , Nov 11, 2025
Smart WeTransfer (CVE-2025-62909) , Nov 11, 2025
百度站长SEO合集(支持百度/神马/Bing/头条推送) (CVE-2025-62977) , Nov 11, 2025
WP jQuery Pager (CVE-2025-10575) , Nov 11, 2025