The Integration Opvius AI for WooCommerce plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.3.0. This is due to the `…
Published:
13 January 2026 at 23:00:00
Alert date:
14 January 2026 at 11:36:08
Source:
nvd.nist.gov
Web Technologies
The Integration Opvius AI for WooCommerce plugin for WordPress contains a critical path traversal vulnerability affecting all versions up to 1.3.0. The vulnerability exists in the process_table_bulk_actions() function which processes user-supplied file paths without proper authentication checks, nonce verification, or path validation. Unauthenticated attackers can exploit this via the wsaw-log[] POST parameter to delete or download arbitrary files on the server. This can lead to deletion of critical files like wp-config.php or unauthorized access to sensitive configuration files, making it a high-severity security risk for WordPress sites using this plugin.
Technical details
Mitigation steps:
Affected products:
Integration Opvius AI for WooCommerce plugin
WordPress
Related links:
https://nvd.nist.gov/vuln/detail/CVE-2025-14301
https://plugins.trac.wordpress.org/browser/woosa-ai-for-woocommerce/tags/1.3.0/vendor/woosa/logger/class-module-logger-hook.php#L160
https://plugins.trac.wordpress.org/browser/woosa-ai-for-woocommerce/tags/1.3.0/vendor/woosa/logger/class-module-logger-hook.php#L25
https://plugins.trac.wordpress.org/browser/woosa-ai-for-woocommerce/tags/1.3.0/vendor/woosa/logger/class-module-logger-hook.php#L41
https://plugins.trac.wordpress.org/browser/woosa-ai-for-woocommerce/tags/1.3.0/vendor/woosa/logger/class-module-logger-hook.php#L79
https://www.wordfence.com/threat-intel/vulnerabilities/id/34612902-1a26-4759-bca6-b5aaffa25af4?source=cve
Related CVE's:
Related threat actors:
IOC's:
This article was created with the assistance of AI technology by Perceptive.