The W2S – Migrate WooCommerce to Shopify plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 1.2.1 via the 'viw2s_view_log' AJAX action. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:NVillatheme W2s
APPVillatheme< 1.3.0
Related vulnerabilities
Authentication bypass w WooCommerce Photo Reviews Premium dla WordPress
Sensitive Data Exposure in Villatheme ALD - AliExpress Dropshipping and Fulfillment for WooCommerce premium pl...
The EXMAGE WordPress plugin before 1.0.7 does to ensure that images added via URLs are external images, which ...
Improper Neutralization of Input During Web Page Generation ('Cross-site Scripting') vulnerability in VillaThe...
The Thank You Page Customizer for WooCommerce – Increase Your Sales plugin for WordPress is vulnerable to miss...