CVE-2025-1911

Severity CVSS v4.0:
Pending analysis
Type:
Unavailable / Other
Publication date:
26/03/2025
Last modified:
09/07/2025

Description

The Product Import Export for WooCommerce – Import Export Product CSV Suite plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the admin_log_page() function in all versions up to, and including, 2.5.0. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary log files on the server.

Vulnerable products and versions

CPE From Up to
cpe:2.3:a:webtoffee:product_import_export_for_woocommerce:*:*:*:*:*:wordpress:*:* 2.5.1 (excluding)