Admin and Customer Messages After Order for WooCommerce: OrderConvo, CVE-2025-10162
Security reports for Admin and Customer Messages After Order for WooCommerce: OrderConvo
- Published on
- Oct 07, 2025
- Research Description
- The Admin and Customer Messages After Order for WooCommerce: OrderConvo WordPress plugin before 14 does not validate the path of files to be downloaded, which could allow an unauthenticated attacker to read or download arbitrary files via a path traversal attack.
- Affected versions
- max 14.
- Status
- vulnerable