CVE-2017-17058
published 2017-11-29CVE-2017-17058: The WooCommerce plugin through 3.x for WordPress has a Directory Traversal Vulnerability via a /wp-content/plugins/woocommerce/templates/emails/plain/ URI…
PriorityP261high7.5CVSS 3.1
AVNACLPRNUINSUCHINAN
EXPLOIT
EPSS
23.67%
97.5th percentile
The WooCommerce plugin through 3.x for WordPress has a Directory Traversal Vulnerability via a /wp-content/plugins/woocommerce/templates/emails/plain/ URI, which accesses a parent directory. NOTE: a software maintainer indicates that Directory Traversal is not possible because all of the template files have "if (!defined('ABSPATH')) {exit;}" code
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| automattic | woocommerce | <= 3.2.6 | — |
Detection & IOCsextracted from sources · hover to see the quote
- →Monitor HTTP GET requests targeting the path /wp-content/plugins/woocommerce/templates/emails/plain/ with directory traversal sequences (e.g., ../) in the URI, which is the attack vector for this CVE. ↗
- →The exploit issues a plain HTTP GET request with Content-Type: text/html; charset=utf-8 header to the traversal path; detection rules should flag this header combined with the vulnerable path. ↗
- ·The software maintainer disputes this CVE, stating that directory traversal is not possible because all template files contain an ABSPATH guard that causes them to exit if accessed directly outside of WordPress context. ↗
CVSS provenance
nvdv3.17.5HIGHCVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv3.07.5HIGHCVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
nvdv2.05.0MEDIUMAV:N/AC:L/Au:N/C:P/I:N/A:N
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
No writeups or analysis indexed.
2017-11-29
Published