cleantalk
Vulnerabilities and Security Researches

Woocommerce Category and Products Accordion Panel, CVE-2025-11722

CVE, Research URL

CVE-2025-11722

Home page URL

Security reports for Woocommerce Category and Products Accordion Panel

Application

Woocommerce Category and Products Accordion Panel

Published on
Oct 15, 2025
Research Description
The Woocommerce Category and Products Accordion Panel plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.0 via the 'categoryaccordionpanel' shortcode. This makes it possible for authenticated attackers, with Contributor-level access and above, to include and execute arbitrary .php files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where .php file types can be uploaded and included.
Affected versions
max 1.0.
Status
vulnerable
Previous vulnerability researches
Did Prestashop Display – Show Prestashop products in your WordPress (CVE-2025-62945) , Nov 10, 2025
New vulnerability
SmartCrawl WordPress SEO checker, SEO analyzer, SEO optimizer (CVE-2025-62048) , Nov 11, 2025
Team Member Showcase Staff List Plugin – Employee Spotlight (CVE-2025-12090) , Nov 11, 2025
WPeMatico RSS Feed Fetcher (CVE-2025-49922) , Nov 11, 2025
Cost Calculator Builder (CVE-2025-9243) , Nov 11, 2025
Off-Canvas Sidebars & Menus (Slidebars) (CVE-2025-62891) , Nov 11, 2025