The Integration Opvius AI for WooCommerce plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.0. This is due to the `…
Published:
13 January 2026 at 23:00:00
Alert date:
14 January 2026 at 17:02:19
Source:
nvd.nist.gov
Web Technologies
The Integration Opvius AI for WooCommerce WordPress plugin versions up to 1.3.0 contains a critical path traversal vulnerability. The process_table_bulk_actions() function lacks authentication checks, nonce verification, and path validation when processing user-supplied file paths. Unauthenticated attackers can exploit this via the wsaw-log[] POST parameter to delete or download arbitrary server files. This vulnerability can be leveraged to delete critical files like wp-config.php or access sensitive configuration data, posing a significant security risk to affected WordPress installations.
Technical details
Mitigation steps:
Affected products:
Integration Opvius AI for WooCommerce
WordPress
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2025-14301
https://plugins.trac.wordpress.org/browser/woosa-ai-for-woocommerce/tags/1.3.0/vendor/woosa/logger/class-module-logger-hook.php#L160
https://plugins.trac.wordpress.org/browser/woosa-ai-for-woocommerce/tags/1.3.0/vendor/woosa/logger/class-module-logger-hook.php#L25
https://plugins.trac.wordpress.org/browser/woosa-ai-for-woocommerce/tags/1.3.0/vendor/woosa/logger/class-module-logger-hook.php#L41
https://plugins.trac.wordpress.org/browser/woosa-ai-for-woocommerce/tags/1.3.0/vendor/woosa/logger/class-module-logger-hook.php#L79
https://www.wordfence.com/threat-intel/vulnerabilities/id/34612902-1a26-4759-bca6-b5aaffa25af4?source=cve
Related CVE's:
Related threat actors:
IOC's:
This article was created with the assistance of AI technology by Perceptive.