Report
The Total processing card payments for WooCommerce plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 7.1.5 via the ajax_download_debugdata_file() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to download the contents of arbitrary files on the server, which can contain sensitive information.
Score:6.5
Severity:Medium
Version: 7.1.5
There is a patch available in v7.1.6 and we strongly recommend you update to this version as soon as possible.
