CVE-2018-20714

HIGH

WooCommerce < 3.4.6 - File Deletion and Privilege Escalation via Logging System

Title source: llm
STIX 2.1

Description

The logging system of the Automattic WooCommerce plugin before 3.4.6 for WordPress is vulnerable to a File Deletion vulnerability. This allows deletion of woocommerce.php, which leads to certain privilege checks not being in place, and therefore a shop manager can escalate privileges to admin.

References (1)

Core 1
Core References

Scores

CVSS v3 8.1
EPSS 0.0184
EPSS Percentile 76.4%
Attack Vector NETWORK
CVSS:3.0/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

Details

CWE
CWE-22
Status published
Products (1)
woocommerce/woocommerce < 3.4.6
Published Jan 15, 2019
Tracked Since Feb 18, 2026