CVE-2025-69325
Path Traversal Vulnerability in Primer MyData for WooCommerce
Publication date: 2026-02-20
Last updated on: 2026-02-24
Assigner: Patchstack
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| primersoftware | primer_mydata | to 4.2.8 (inc) |
| primersoftware | primer_mydata_for_woocommerce | to 4.2.8 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-35 | The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory. |
AI Powered Q&A
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability impact me?
This vulnerability can allow unauthenticated attackers to access sensitive files or data on the server by exploiting the path traversal flaw.
Because no privileges are required to exploit this issue, it increases the risk of unauthorized data exposure or modification.
Such unauthorized access can lead to data breaches, loss of data integrity, and potential compromise of the affected system.
Can you explain this vulnerability to me?
CVE-2025-69325 is a Path Traversal vulnerability in the WordPress Primer MyData for WooCommerce Plugin versions up to and including 4.2.8.
This vulnerability allows unauthenticated attackers to manipulate file paths using sequences like '.../...//' to access files and directories outside the intended scope.
It is classified under OWASP Top 10 A1: Broken Access Control and has a CVSS score of 5.3, indicating moderate severity. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability allows unauthenticated attackers to perform path traversal attacks against the Primer MyData for WooCommerce Plugin up to version 4.2.8.
Detection can involve monitoring for suspicious HTTP requests that include path traversal patterns such as sequences like '.../...//' or attempts to access files outside the intended directories.
Network or web server logs can be searched for such patterns to identify potential exploitation attempts.
- Use command-line tools like grep to search web server logs for path traversal strings, for example (the pattern matches both '../../' and '.../...//'): `grep -E '\.{2,3}/+\.{2,3}/+' access.log`
- Use intrusion detection systems or web application firewalls that can detect and alert on path traversal attack patterns. [1]
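The log search described above, as an added example that is not part of the original page or of Patchstack's rules: it goes beyond the grep one-liner by percent-decoding each request target before matching, so encoded and double-encoded dot sequences are flagged as well. The log lines are constructed, and the endpoint, parameter and file names in them are placeholders, not the plugin's real ones.

```python
import re
from urllib.parse import unquote

# Request target inside a combined-format access log line: "METHOD target HTTP/x.y"
REQUEST = re.compile(r'"[A-Z]+ (\S+) HTTP/[\d.]+"')
# A path segment or parameter value made only of dots (two or more), then a slash
# or backslash. Covers '../', '.../' and the '.../...//' form named in CWE-35.
TRAVERSAL = re.compile(r'(?:^|[/\\=&?])\.{2,}[/\\]')

def normalise(target, max_rounds=3):
    """Percent-decode repeatedly so single- and double-encoded dots are exposed."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target

def is_traversal(target):
    return TRAVERSAL.search(normalise(target)) is not None

def scan(lines):
    """Return (client_ip, raw_target) for each log line with a traversal sequence."""
    hits = []
    for line in lines:
        m = REQUEST.search(line)
        if m and is_traversal(m.group(1)):
            hits.append((line.split(" ", 1)[0], m.group(1)))
    return hits

# Constructed sample lines. Endpoint, parameter and file names are placeholders,
# not the plugin's real ones.
SAMPLE_LOG = [
    '198.51.100.7 - - [20/Feb/2026:10:00:01 +0000] "GET /shop/?page=2 HTTP/1.1" 200 512',
    '198.51.100.7 - - [20/Feb/2026:10:00:02 +0000] "GET /blog/to-be-continued.../ HTTP/1.1" 200 901',
    '203.0.113.9 - - [20/Feb/2026:10:00:03 +0000] "GET /placeholder?file=.../...//.../...//target.txt HTTP/1.1" 200 77',
    '203.0.113.9 - - [20/Feb/2026:10:00:04 +0000] "GET /placeholder?file=%2e%2e%2f%2e%2e%2ftarget.txt HTTP/1.1" 200 77',
    '203.0.113.9 - - [20/Feb/2026:10:00:05 +0000] "GET /placeholder?file=%252e%252e%252e%252ftarget.txt HTTP/1.1" 404 0',
]

if __name__ == "__main__":
    for ip, target in scan(SAMPLE_LOG):
        print(f"{ip}\t{target}")
```

A trailing ellipsis inside an ordinary path segment, as in the second sample line, is not flagged because the dots do not form a whole segment.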
What immediate steps should I take to mitigate this vulnerability?
The most immediate and effective mitigation is to update the Primer MyData for WooCommerce Plugin to version 4.2.9 or later, where this vulnerability has been patched.
Until the update can be applied, it is recommended to implement blocking rules provided by Patchstack to prevent exploitation attempts targeting this vulnerability.
Additionally, enabling automatic updates and continuous protection offered by Patchstack can help protect vulnerable plugins.