CVE Catalog

CVE-2026-49061

HighCVSS 7.5
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.37%

29th percentile - higher than 29% of all known CVEs

Summary

In WPC Product Options for WooCommerce versions <= 3.2.1, there is a vulnerability allowing unauthenticated arbitrary file download.

Risk Assessment

An attacker could exploit this vulnerability to download sensitive files from the server, potentially leading to data exposure.

Recommendation

It is recommended to update WPC Product Options to the latest version to mitigate this vulnerability.

Original NVD description (English source)

Unauthenticated Arbitrary File Download in WPC Product Options for WooCommerce <= 3.2.1 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS