WooCommerce Refund And Exchange with RMA – Warranty Management, Refund...

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

The WooCommerce Refund And Exchange with RMA - Warranty Management, Refund Policy, Manage User Wallet theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'ced_rnx_order_exchange_attach_files' function in all versions up to, and including, 3.2.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.

Basic Information

ID CVE-2025-6222

Source Wordfence

Published Jul 18, 2025 at 05:23

Modified Jul 18, 2025 at 14:56

Affected Product

Vendor WP Swings

Product WooCommerce Refund And Exchange with RMA - Warranty Management, Refund Policy, Manage User Wallet

Version *

Affected Versions WP Swings WooCommerce Refund And Exchange with RMA - Warranty Management, Refund Policy, Manage User Wallet *

CWE Classification

CWE-434

References

{
    "lastseen": "",
    "description": "The WooCommerce Refund And Exchange with RMA - Warranty Management, Refund Policy, Manage User Wallet theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'ced_rnx_order_exchange_attach_files' function in all versions up to, and including, 3.2.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.",
    "published": "2025-07-18T05:23:56.741Z",
    "modified": "2025-07-18T14:56:25.614Z",
    "type": "cve",
    "title": "WooCommerce Refund And Exchange with RMA - Warranty Management, Refund Policy, Manage User Wallet <= 3.2.6 - Unauthenticated Arbitrary File Upload",
    "source": "Wordfence",
    "references": "https://www.wordfence.com/threat-intel/vulnerabilities/id/35a7b5a1-b052-4390-8e08-f97aa9c16b29?source=cve\nhttps://codecanyon.net/item/woocommerce-refund-and-exchange/17810207#item-description__changelog",
    "id": "CVE-2025-6222",
    "bulletinFamily": "",
    "cwe": [
        "CWE-434"
    ],
    "cvelist": null,
    "sourceData": "WP Swings WooCommerce Refund And Exchange with RMA - Warranty Management, Refund Policy, Manage User Wallet *",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "WooCommerce Refund And Exchange with RMA - Warranty Management, Refund Policy, Manage User Wallet",
    "version": "*",
    "vendor": "WP Swings",
    "ai_description": "",
    "ai_severity": "",
    "ai_vendor": "",
    "ai_product": "",
    "ai_version": "",
    "ai_score": 0
}

WooCommerce Refund And Exchange with RMA – Warranty Management, Refund Policy, Manage User Wallet <= 3.2.6 - Unauthenticated Arbitrary File Upload_CVE-2025-6222