VYPR
Medium severity6.8NVD Advisory· Published Mar 25, 2026· Updated Apr 28, 2026

CVE-2026-25328

CVE-2026-25328

Description

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in add-ons.org Product File Upload for WooCommerce products-file-upload-for-woocommerce allows Path Traversal.This issue affects Product File Upload for WooCommerce: from n/a through <= 2.2.4.

Affected products

1

Patches

Vulnerability mechanics

References

1

News mentions

1