cleantalk
Vulnerabilities and Security Researches

Hippoo!, CVE-2025-13339

CVE, Research URL

CVE-2025-13339

Home page URL

Security reports for Hippoo!

Application

Hippoo!

Published on
Dec 10, 2025
Research Description
The Hippoo Mobile App for WooCommerce plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.7.1 via the template_redirect() function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.
Affected versions
max 1.7.2.
Status
vulnerable
Previous vulnerability researches
Hippoo! (CVE-2025-12655) , Jan 11, 2026
Hippoo! (CVE-2025-13339) , Jan 11, 2026
Hippoo! (CVE-2026-10580) , Jun 08, 2026
New vulnerability
Hippoo! (CVE-2026-10580) , Jun 08, 2026
Simple SEO Slideshow (CVE-2026-8900) , Jun 08, 2026
LearnPress Export Import – WordPress extension for LearnPress (CVE-2026-7565) , Jun 08, 2026
LearnPress Export Import – WordPress extension for LearnPress (CVE-2026-7566) , Jun 08, 2026
Event Monster – Event Management, Tickets Booking, Upcoming Event (CVE-2026-8608) , Jun 08, 2026