cleantalk
Vulnerabilities and Security Researches

Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light, CVE-2025-39378

CVE, Research URL

CVE-2025-39378

Home page URL

Security reports for Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light

Application

Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light

Published on
Apr 24, 2025
Research Description
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light allows PHP Local File Inclusion. This issue affects Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light: from n/a through 2.4.37.
Affected versions
Min -, max 2.4.37.
Status
vulnerable
Previous vulnerability researches
Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages (CVE-2024-35653) , Jun 07, 2024
Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages (CVE-2022-2516) , Jun 07, 2024
Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages (ef02cb7ba113551547a2db17546c38a3c63b0758) , Jun 07, 2024
Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages (CVE-2022-2430) , Jun 07, 2024
Visual Composer Website Builder, Landing Page Builder, Custom Theme Builder, Maintenance Mode & Coming Soon Pages (CVE-2020-36722) , Jun 07, 2024
New vulnerability
Related Posts via Taxonomies (CVE-2025-46520) , Apr 25, 2025
Advanced Accordion Gutenberg Block (CVE-2025-2543) , Apr 25, 2025
Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light (CVE-2025-39378) , Apr 25, 2025
PowerPress Podcasting plugin by Blubrry (CVE-2024-9230) , Apr 25, 2025
Capturly (CVE-2025-39379) , Apr 25, 2025