CVE-2026-7547
Deferred Deferred - Pending Action

Arbitrary File Read in Woosa Marktplaats for WooCommerce Plugin

Vulnerability report for CVE-2026-7547, including description, CVSS score, EPSS score, affected products, exploitability, helpful resources, and attack-flow context.

Publication date: 2026-06-19

Last updated on: 2026-06-23

Assigner: Wordfence

Description

The Woosa – Marktplaats for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Read via Path Traversal in versions up to and including 2.0.4. This is due to insufficient path sanitization in the render_logs_ui() function, which accepts a base64-encoded file name from the 'log_file' GET parameter and concatenates it directly with the plugin's log directory path without validating that the resolved path remains within the intended directory. This makes it possible for authenticated attackers, with Administrator-level access, to read the contents of arbitrary files on the server, including wp-config.

CVSS Scores

EPSS Scores

Probability:
Percentile:

Meta Information

Published
2026-06-19
Last Modified
2026-06-23
Generated
2026-07-09
AI Q&A
2026-06-19
EPSS Evaluated
2026-07-08
NVD
EUVD

Affected Vendors & Products

Showing 1 associated CPE
Vendor Product Version / Range
woosa marktplaats_for_woocommerce to 2.0.4 (inc)

Helpful Resources

Exploitability

CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-22 The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

Attack-Flow Graph

AI Quick Actions

Instant insights powered by AI
Executive Summary

The Woosa – Marktplaats for WooCommerce plugin for WordPress has a vulnerability called Arbitrary File Read via Path Traversal in versions up to and including 2.0.4.

This happens because the plugin's render_logs_ui() function takes a base64-encoded file name from the 'log_file' GET parameter and directly appends it to the plugin's log directory path without properly checking if the resulting path stays within the intended directory.

As a result, an authenticated attacker with Administrator-level access can exploit this flaw to read the contents of any file on the server, including sensitive files like wp-config.

Impact Analysis

This vulnerability allows an attacker with Administrator-level access to read arbitrary files on the server.

Such unauthorized file access can lead to exposure of sensitive information, including configuration files like wp-config, which may contain database credentials and other secrets.

This can compromise the security of the website and potentially the entire server environment.

Compliance Impact

This vulnerability allows authenticated attackers with Administrator-level access to read arbitrary files on the server, including sensitive configuration files such as wp-config. Such unauthorized access to sensitive data could potentially lead to violations of data protection regulations like GDPR and HIPAA, which require strict controls on access to personal and sensitive information.

However, the provided context and resources do not explicitly discuss the impact of this vulnerability on compliance with specific standards or regulations.

Detection Guidance

This vulnerability involves the Woosa – Marktplaats for WooCommerce plugin for WordPress allowing Arbitrary File Read via Path Traversal through the 'log_file' GET parameter in the render_logs_ui() function.

Detection would require checking for attempts to access the 'log_file' parameter with base64-encoded values that could lead to path traversal outside the intended log directory.

Since the vulnerability requires authenticated Administrator-level access, monitoring authenticated admin requests to the plugin's log viewing functionality for suspicious base64-encoded parameters is recommended.

  • Use web server access logs to search for requests to the plugin's log UI endpoint containing 'log_file' parameters with unusual or suspicious base64 strings.
  • Example command to search Apache logs for suspicious 'log_file' parameters: grep -i 'log_file=' /var/log/apache2/access.log | grep -E '[A-Za-z0-9+/=]{10,}'
  • Use WordPress audit or activity logs to identify Administrator users accessing the log viewing feature.
  • If possible, decode base64 strings found in logs to check if they contain path traversal sequences like '../'.
Mitigation Strategies

Immediate mitigation steps include restricting access to the vulnerable plugin's log viewing functionality to trusted administrators only.

Ensure that only authenticated users with Administrator-level privileges can access the affected functionality.

If possible, disable or remove the Woosa – Marktplaats for WooCommerce plugin until a patched version beyond 2.0.4 is available.

Monitor and audit access logs for suspicious activity related to the 'log_file' parameter.

Apply any available updates or patches from the plugin vendor as soon as they are released.

Chat Assistant

Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-7547. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70

EPSS Chart