cleantalk
Vulnerabilities and Security Researches

Woocommerce Blocks – Woolook, CVE-2024-8393

CVE, Research URL

CVE-2024-8393

Home page URL

Security reports for Woocommerce Blocks – Woolook

Application

Woocommerce Blocks – Woolook

Published on
Aug 16, 2025
Research Description
The Woocommerce Blocks – Woolook plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.7.0 via the via the 'tab' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where images and other “safe” file types can be uploaded and included. Please note that this can also be exploited via CSRF techniques.
Affected versions
Min -, max 1.7.0.
Status
vulnerable
Previous vulnerability researches
Woocommerce Blocks – Woolook (CVE-2024-54375) , Dec 19, 2024
Woocommerce Blocks – Woolook (CVE-2024-8393) , Aug 17, 2025
New vulnerability
Linux Promotional Plugin (CVE-2025-7668) , Aug 17, 2025
Poll Maker – Best WordPress Poll Plugin (CVE-2024-12575) , Aug 17, 2025
Add User Meta (CVE-2025-7688) , Aug 17, 2025
User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor (CVE-2025-8896) , Aug 17, 2025
RSS Feed Pro (CVE-2025-53581) , Aug 17, 2025