Jma Plugins Woocommerce Designer Pro vulnerabilities
3 known vulnerabilities affecting jma_plugins/woocommerce_designer_pro.
Total CVEs
3
CISA KEV
0
Public exploits
2
Exploited in wild
1
Severity breakdown
CRITICAL2HIGH1
Vulnerabilities
Page 1 of 1
CVE-2025-6440P1CRITICALCVSS 9.8ExploitedPoC≤ 1.9.262025-10-24
CVE-2025-6440 [CRITICAL] CWE-434 CVE-2025-6440: The WooCommerce Designer Pro plugin for WordPress, used by the Pricom - Printing Company & Design Se
The WooCommerce Designer Pro plugin for WordPress, used by the Pricom - Printing Company & Design Services WordPress theme, is vulnerable to arbitrary file uploads due to missing file type validation in the 'wcdp_save_canvas_design_ajax' function in all versions up to, and including, 1.9.26. This makes it possible for unauthenticated attackers to up
nvd
CVE-2025-10897P2HIGHCVSS 8.6PoC≤ 1.9.282025-10-31
CVE-2025-10897 [HIGH] CWE-22 CVE-2025-10897: The WooCommerce Designer Pro theme for WordPress is vulnerable to arbitrary file read in all version
The WooCommerce Designer Pro theme for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.9.28. This makes it possible for unauthenticated attackers to read arbitrary files on the server, which can expose DB credentials when the wp-config.php file is read.
nvd
CVE-2025-6439P2CRITICALCVSS 9.8≤ 1.9.262025-10-11
CVE-2025-6439 [CRITICAL] CWE-22 CVE-2025-6439: The WooCommerce Designer Pro plugin for WordPress, used by the Pricom - Printing Company & Design Se
The WooCommerce Designer Pro plugin for WordPress, used by the Pricom - Printing Company & Design Services WordPress theme, is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'wcdp_save_canvas_design_ajax' function in all versions up to, and including, 1.9.26. This makes it possible for unauthenticated attackers
nvd