VYPR

Woocommerce Order Convo

by WordPress

CVEs (1)

  • CVE-2025-10162HigOct 7, 2025
    risk 0.52cvss 7.5epss 0.04

    The Admin and Customer Messages After Order for WooCommerce: OrderConvo WordPress plugin before 14 does not validate the path of files to be downloaded, which could allow unauthenticated attacker to read/download arbitrary files via a path traversal attack