CVE-2026-49061

HIGH

WordPress WPC Product Options for WooCommerce plugin <= 3.2.1 - Arbitrary File Download vulnerability

Title source: cna

Unauthenticated Arbitrary File Download in WPC Product Options for WooCommerce <= 3.2.1 versions.

Core 1

Core References

Vdb Entry vdb-entry

CVSS v3 7.5

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Vulnrichment

Exploitation none

Automatable yes

Technical Impact partial

CWE

CWE-22

Status published

Products (1)

WPClever/WPC Product Options for WooCommerce < 3.2.1

Published Jun 15, 2026

Tracked Since Jun 16, 2026