CVE Catalog

CVE-2026-49779

MediumCVSS 6.5
Published: Updated: Translated: NVD NIST

Summary

The Tax Exempt for WooCommerce plugin version 1.9.3 and earlier contains a Customer Path Traversal vulnerability that allows unauthorized access to files outside the root directory.

Risk Assessment

An attacker can exploit this vulnerability to read sensitive configuration files or customer data, leading to a breach of system confidentiality and integrity.

Recommendation

Immediately update the Tax Exempt for WooCommerce plugin to the latest available version that fixes this vulnerability.

Original NVD description (English source)

Customer Path Traversal in Tax Exempt for WooCommerce <= 1.9.3 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS