CVE-2025-26933

{"id": "CVE-2025-26933", "cveTags": [], "metrics": {"cvssMetricV31": [{"type": "Secondary", "source": "[email protected]", "cvssData": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "REQUIRED", "attackComplexity": "HIGH", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}, "impactScore": 5.9, "exploitabilityScore": 1.6}]}, "published": "2025-03-10T15:15:37.997", "references": [{"url": "https://patchstack.com/database/wordpress/plugin/wc-place-order-without-payment/vulnerability/wordpress-place-order-without-payment-for-woocommerce-plugin-2-6-7-local-file-inclusion-vulnerability?_s_id=cve", "source": "[email protected]"}], "vulnStatus": "Awaiting Analysis", "weaknesses": [{"type": "Primary", "source": "[email protected]", "description": [{"lang": "en", "value": "CWE-98"}]}], "descriptions": [{"lang": "en", "value": "Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Nitin Prakash WC Place Order Without Payment allows PHP Local File Inclusion. This issue affects WC Place Order Without Payment: from n/a through 2.6.7."}, {"lang": "es", "value": "Vulnerabilidad de control inadecuado del nombre de archivo para la declaraci\u00f3n Include/Require en el programa PHP ('Inclusi\u00f3n de archivo remoto PHP') en Nitin Prakash WC Place Order Without Payment permite la inclusi\u00f3n de archivos locales PHP. Este problema afecta a WC Place Order Without Payment: desde n/a hasta 2.6.7."}], "lastModified": "2025-03-10T15:15:37.997", "sourceIdentifier": "[email protected]"}