WooCommerce Designer Pro

8.6 / 10

HIGH

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N

Description

The WooCommerce Designer Pro theme for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.9.28. This makes it possible for unauthenticated attackers to read arbitrary files on the server, which can expose DB credentials when the wp-config.php file is read.

AI Analysis

Unauthenticated arbitrary file read vulnerability in WooCommerce Designer Pro theme for WordPress

Basic Information

ID CVE-2025-10897

Source Wordfence

Published Oct 31, 2025 at 07:26

Affected Product

Vendor JMA Plugins

Product WooCommerce Designer Pro

Version *

Affected Versions JMA Plugins WooCommerce Designer Pro *

CWE Classification

CWE-22

AI Assessment

AI Score 8.6 / 10

AI Severity High

Vendor JMA Plugins

Product WooCommerce Designer Pro

Version 1.9.28 and below

References

{
    "lastseen": "",
    "description": "The WooCommerce Designer Pro theme for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.9.28. This makes it possible for unauthenticated attackers to read arbitrary files on the server, which can expose DB credentials when the wp-config.php file is read.",
    "published": "2025-10-31T07:26:39.837Z",
    "modified": "2025-10-31T07:26:39.837Z",
    "type": "cve",
    "title": "WooCommerce Designer Pro <= 1.9.28 - Unauthenticated Arbitrary File Read",
    "source": "Wordfence",
    "references": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3a47cdeb-bd05-4e7e-99dc-dca67064182a?source=cve\nhttps://codecanyon.net/item/woocommerce-designer-pro-cmyk-card-flyer/22027731",
    "id": "CVE-2025-10897",
    "bulletinFamily": "",
    "cwe": [
        "CWE-22"
    ],
    "cvelist": null,
    "sourceData": "JMA Plugins WooCommerce Designer Pro *",
    "sourceHref": "",
    "cvss": {
        "score": 8.6,
        "severity": "HIGH",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "WooCommerce Designer Pro",
    "version": "*",
    "vendor": "JMA Plugins",
    "ai_description": "Unauthenticated arbitrary file read vulnerability in WooCommerce Designer Pro theme for WordPress",
    "ai_severity": "High",
    "ai_vendor": "JMA Plugins",
    "ai_product": "WooCommerce Designer Pro",
    "ai_version": "1.9.28 and below",
    "ai_score": 8.6
}

WooCommerce Designer Pro <= 1.9.28 - Unauthenticated Arbitrary File Read_CVE-2025-10897