VYPR

WooCommerce Purchase Orders

by WordPress

CVEs (1)

  • CVE-2025-5391HigAug 12, 2025
    risk 0.46cvss 8.1epss 0.01

    The WooCommerce Purchase Orders plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_file() function in all versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with…