CVE-2025-47535 – Opal Woo Custom Product Variation Path Traversal

May 24, 2025

CVE ID : CVE-2025-47535

Published : May 23, 2025, 1:15 p.m. | 15 hours, 14 minutes ago

Description : Improper Limitation of a Pathname to a Restricted Directory (‘Path Traversal’) vulnerability in wpopal Opal Woo Custom Product Variation allows Path Traversal. This issue affects Opal Woo Custom Product Variation: from n/a through 1.2.0.

Severity: 8.6 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-47539 – Themewinter Eventin Privilege Escalation Vulnerability

Next Article CVE-2025-47532 – CoinPayments.net Payment Gateway for WooCommerce Object Injection Vulnerability

Highlights

CVE-2025-46328 – Snowflake-Connector-Nodejs TOCTOU Race Condition Local File Write Vulnerability

April 29, 2025

CVE ID : CVE-2025-46328

Published : April 28, 2025, 11:15 p.m. | 3 hours, 50 minutes ago

Description : snowflake-connector-nodejs is a NodeJS driver for Snowflake. Versions starting from 1.10.0 to before 2.0.4, are vulnerable to a Time-of-Check to Time-of-Use (TOCTOU) race condition. When using the Easy Logging feature on Linux and macOS the Driver reads logging configuration from a user-provided file. On Linux and macOS the Driver verifies that the configuration file can be written to only by its owner. That check was vulnerable to a TOCTOU race condition and failed to verify that the file owner matches the user running the Driver. This could allow a local attacker with write access to the configuration file or the directory containing it to overwrite the configuration and gain control over logging level and output location. This issue has been patched in version 2.0.4.

Severity: 3.3 | LOW

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Sunshine And March Vibes (2025 Wallpapers Edition)

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

SteamOS is officially not just for Steam Deck anymore — now ready for Lenovo Legion Go S and sort of ready for the ROG Ally

Microsoft’s latest AI model can accurately forecast the weather: “It doesn’t know the laws of physics, so it could make up something completely crazy”

OpenAI scientists wanted “a doomsday bunker” before AGI surpasses human intelligence and threatens humanity

My favorite gaming service is 40% off right now (and no, it’s not Xbox Game Pass)

A timeline of JavaScript’s history

A timeline of JavaScript’s history

Loading JSON Data into Snowflake From Local Directory

Streamline Conditional Logic with Laravel’s Fluent Conditionable Trait

SteamOS is officially not just for Steam Deck anymore — now ready for Lenovo Legion Go S and sort of ready for the ROG Ally

SteamOS is officially not just for Steam Deck anymore — now ready for Lenovo Legion Go S and sort of ready for the ROG Ally

Microsoft’s latest AI model can accurately forecast the weather: “It doesn’t know the laws of physics, so it could make up something completely crazy”

OpenAI scientists wanted “a doomsday bunker” before AGI surpasses human intelligence and threatens humanity

CVE-2025-47535 – Opal Woo Custom Product Variation Path Traversal

CVE-2025-48287 – Pagaleve Pix 4x sem juros – Object Injection Vulnerability

CVE-2025-48292 – GoodLayers Tourmaster PHP Remote File Inclusion Vulnerability

Automated Visual Regression Testing With Playwright

Secure Service-to-Service Communication with Okta

CVE-2025-30419 – NI Circuit Design Suite SymbolEditor Out-of-Bounds Read Vulnerability

CLI Experiments : Dashboard (Part 2)

CVE-2025-46328 – Snowflake-Connector-Nodejs TOCTOU Race Condition Local File Write Vulnerability

Enable or Disable Word Wrap in VS Code

JMeter plugin so that we are able to see run time error when we are doing executions

Translations using Custom Labels and Metadata

CVE-2025-47535 – Opal Woo Custom Product Variation Path Traversal

Related Posts