High severity8.6NVD Advisory· Published Oct 31, 2025· Updated Apr 15, 2026

CVE-2025-10897

Description

The WooCommerce Designer Pro theme for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.9.28. This makes it possible for unauthenticated attackers to read arbitrary files on the server, which can expose DB credentials when the wp-config.php file is read.

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

codecanyon.net/item/woocommerce-designer-pro-cmyk-card-flyer/22027731nvd
www.wordfence.com/threat-intel/vulnerabilities/id/3a47cdeb-bd05-4e7e-99dc-dca67064182anvd

News mentions

No linked articles in our index yet.

cvss	0.559
epss	0.018
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000