GHSA-qg23-9w2r-h58w · Severity: medium — The Woosa – Marktplaats for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Read...
The Woosa – Marktplaats for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Read via Path Traversal in versions up to and including 2.0.4. This is due to insufficient path sanitization in the render_logs_ui() function, which accepts a base64-encoded file name from the 'log_file' GET parameter and concatenates it directly with the plugin's log directory path without validating that the resolved path remains within the intended directory. This makes it possible for authenticated attackers, with Administrator-level access, to read the contents of arbitrary files on the server, including wp-config.
Conclusion & alert: CVE-2026-7547 is rated Low Risk (30.2/100): CVSS Medium severity. Mandatory action: Monitor for updates and reassess as exploit intelligence or EPSS changes.
Risk is dynamic; we continuously reassess and refresh what is shown on this page as upstream context changes.
EPSS lead: Daily EPSS estimates relative likelihood of exploitation; percentile ranks this CVE among scored vulnerabilities (higher = more severe relative rank).
EPSS has not published a score for this CVE yet—common while NVD analysis or FIRST scoring is still pending. Monitor daily updates and reassess once scores appear.
CVSS metrics for this CVE.
| Base score | Version | Severity | Vector | Exploitability | Impact | Score source |
|---|---|---|---|---|---|---|
| 4.9 | 3.1 | MEDIUM |
|
1.2 | 3.6 | [email protected] |
GHSA-qg23-9w2r-h58w · Severity: medium — The Woosa – Marktplaats for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Read...
| Vendor | Product | Version | Raw CPE |
|---|---|---|---|
| No affected products in dataset. | |||