A high-severity vulnerability has been identified in the WooCommerce Designer Pro theme for WordPress, which could allow an unauthenticated attacker to read sensitive files from the web server. Successful exploitation could lead to the theft of confidential information, such as database credentials or system configuration files, posing a significant risk to the organization's data and infrastructure security.

The vulnerability is an arbitrary file read, also known as path traversal. It exists because the theme fails to properly validate user-supplied input when accessing files on the server. An unauthenticated remote attacker can exploit this by crafting a malicious request containing directory traversal sequences (e.g., ../../) to navigate outside of the intended web root directory. This allows the attacker to read the contents of sensitive files, such as wp-config.php (containing database credentials), /etc/passwd, or other critical system and application files that the web server process has permission to access.

This vulnerability is rated as High severity with a CVSS score of 8.6. Exploitation could have a significant negative impact on the business. An attacker could exfiltrate sensitive data, including customer information, intellectual property, and authentication credentials. The compromise of database credentials from a file like wp-config.php could lead to a complete database breach. This could result in severe reputational damage, loss of customer trust, financial losses, and potential regulatory fines for non-compliance with data protection standards.

Immediate Action: Immediately update the WooCommerce Designer Pro theme to the latest patched version provided by the vendor. After applying the update, review all WordPress security settings to ensure they adhere to best practices. If the theme is no longer required for business operations, it should be deactivated and completely removed from the WordPress installation to eliminate the attack surface.

Proactive Monitoring: Monitor web server access logs and Web Application Firewall (WAF) logs for requests containing directory traversal patterns such as ../, ..%2f, or similar encodings. Set up alerts for any attempts to access sensitive system files (e.g., wp-config.php, /etc/passwd, .env). Utilize a File Integrity Monitoring (FIM) solution to detect unauthorized changes to core application files.

Compensating Controls: If immediate patching is not feasible, implement the following controls to mitigate risk:

• Deploy a Web Application Firewall (WAF) with rules specifically configured to detect and block path traversal and local file inclusion (LFI) attack patterns.
• Enforce strict file system permissions to ensure the web server's user account has read access only to the necessary directories and files.
• Disable the vulnerable theme until a patch can be applied and tested.

Public Exploit Available: false

Given the high severity (CVSS 8.6) of this vulnerability, immediate action is required. An unauthenticated attacker can leverage this flaw to steal critical credentials and data, which could serve as a pivot point for a more comprehensive attack on the organization's infrastructure. Although this CVE is not currently on the CISA KEV list, its high impact and the likelihood of future exploitation necessitate immediate remediation. We strongly recommend that all affected instances of the WooCommerce Designer Pro theme be patched or removed within the next 72 hours to prevent potential compromise.