CVE Catalog
CVE-2026-49061
HighCVSS 7.5Exploitation Probability (EPSS)
Low risk0.37%
29th percentile - higher than 29% of all known CVEs
Summary
In WPC Product Options for WooCommerce versions <= 3.2.1, there is a vulnerability allowing unauthenticated arbitrary file download.
Risk Assessment
An attacker could exploit this vulnerability to download sensitive files from the server, potentially leading to data exposure.
Recommendation
It is recommended to update WPC Product Options to the latest version to mitigate this vulnerability.
Original NVD description (English source)
Unauthenticated Arbitrary File Download in WPC Product Options for WooCommerce <= 3.2.1 versions.

