CVE-2025-68862
Awaiting Analysis Awaiting Analysis - Queue
Path Traversal in Woo File Dropzone Plugin Allows Unauthorized Access

Publication date: 2026-02-20

Last updated on: 2026-02-25

Assigner: Patchstack

Description
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Murtaza Bhurgri Woo File Dropzone woo-file-dropzone allows Path Traversal.This issue affects Woo File Dropzone: from n/a through <= 1.1.7.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-02-20
Last Modified
2026-02-25
Generated
2026-05-06
AI Q&A
2026-02-20
EPSS Evaluated
2026-05-05
NVD
CVE-2025-68862
Affected Vendors & Products
Showing 2 associated CPEs
Vendor Product Version / Range
patchstack woo_file_dropzone to 1.1.7 (inc)
murtaza_bhurgri woo_file_dropzone to 1.1.7 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?

CVE-2025-68862 is a high-priority Arbitrary File Deletion vulnerability in the WordPress Woo File Dropzone Plugin versions up to and including 1.1.7.

This vulnerability is a type of Path Traversal issue that allows a malicious actor with subscriber or developer privileges to delete arbitrary files from the affected website.

The vulnerability falls under the OWASP Top 10 category A1: Broken Access Control.


How can this vulnerability impact me? :

An attacker exploiting this vulnerability can delete arbitrary files on the affected website, including core files.

Such deletions can cause the website to break or stop functioning properly.

The vulnerability has a high risk and likelihood of exploitation, with a CVSS severity score of 7.7.


What immediate steps should I take to mitigate this vulnerability?

This vulnerability affects Woo File Dropzone Plugin versions up to and including 1.1.7 and allows arbitrary file deletion by users with subscriber or developer privileges.

Since no official patch is currently available, the immediate step is to apply the mitigation rule provided by Patchstack, which can block attacks exploiting this flaw until an official patch is released.

  • Apply the Patchstack mitigation rule immediately to protect your website.
  • Monitor for updates from Patchstack or the plugin developer for an official patch and apply it as soon as it becomes available.

How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?:

I don't know


How can this vulnerability be detected on my network or system? Can you suggest some commands?

I don't know


Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70
EPSS Chart