First published: Wed Mar 26 2025
The Product Import Export for WooCommerce – Import Export Product CSV Suite plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the admin_log_page() function in all versions up to, and including, 2.5.0. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary log files on the server.
Credit: security@wordfence.com
Affected Software | Affected Version | How to fix |
---|---|---|
WordPress Product Import Export for WooCommerce | <=2.5.0 |
CVE-2025-1911 is classified as a high-severity vulnerability due to the potential for arbitrary file deletion.
To fix CVE-2025-1911, upgrade the Product Import Export for WooCommerce plugin to version 2.5.1 or later.
CVE-2025-1911 affects the Product Import Export for WooCommerce plugin versions up to and including 2.5.0.
CVE-2025-1911 can enable attackers to delete arbitrary files on the server.
CVE-2025-1911 was disclosed in 2025, but the specific date is not provided in the available information.
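The description attributes the issue to insufficient file path validation before a log file is deleted. The following is an added illustration of that class of check, not the plugin's code or the vendor's patch; the function name `delete_log_file()`, the directory layout and the file names are hypothetical. It accepts only a bare `*.log` name and confirms that the canonical path sits directly inside the log directory before deleting.

```php
<?php
// Added illustration, not the plugin's code. delete_log_file() and the
// directory layout below are hypothetical.

/**
 * Delete $name only if it is a bare *.log file name that resolves to a
 * regular file directly inside $logDir. Returns true only when a file was deleted.
 */
function delete_log_file(string $logDir, string $name): bool
{
    // Allowlist the name: no separators, no NUL, no leading dot, must end in .log.
    if (preg_match('/\A[A-Za-z0-9][A-Za-z0-9._-]*\.log\z/', $name) !== 1) {
        return false;
    }
    // Canonicalise both paths; realpath() returns false for missing targets
    // and resolves symlinks, so a link pointing outside fails the check below.
    $base   = realpath($logDir);
    $target = realpath($logDir . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $target === false) {
        return false;
    }
    // Containment: the resolved file must sit directly in the log directory.
    if (dirname($target) !== $base || !is_file($target)) {
        return false;
    }
    return unlink($target);
}

// Constructed demo data: one log inside the log directory, one file outside it.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'logdemo_' . bin2hex(random_bytes(4));
mkdir($root . '/logs', 0700, true);
file_put_contents($root . '/logs/import.log', "sample\n");
file_put_contents($root . '/keep.log', "outside the log directory\n");

foreach (['import.log', '../keep.log', 'sub/../../keep.log', 'missing.log'] as $name) {
    $ok = delete_log_file($root . '/logs', $name);
    printf("%-20s %s\n", $name, $ok ? 'deleted' : 'rejected');
}

// Clean up the demo directory.
unlink($root . '/keep.log');
rmdir($root . '/logs');
rmdir($root);
```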