CVE-2025-10268 | The Printcart Web to Print Product Designer for WooCommerce … | CVSS 5.3 MEDIUM

Description

The Printcart Web to Print Product Designer for WooCommerce WordPress plugin through 2.4.8 is vulnerable to path traversal which makes it possible for the attacker to retrieve the directory listing for arbitrary directories on the server.

Metadata

CVE ID: CVE-2025-10268
State: PUBLISHED
Assigner: WPScan
Reserved: 2025-09-11 12:30 UTC
Published: 2026-06-26 06:00 UTC
Last updated: 2026-06-26 12:18 UTC
Vendor / Product: Unknown / Printcart Web to Print Product Designer for WooCommerce
Sources: cve.org · NVD

Severity & Metrics

5.3 MEDIUM CVSS 3.1

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

SSVC — CISA Coordinator

Exploitation: PoC
Automatable: yes
Tech. Impact: partial

Affected products (1)

Vendor	Product	Platform	Versions
Unknown	Printcart Web to Print Product Designer for WooCommerce	—	0 ≤ 2.4.8

Weakness (CWE)

CWE	Source	Description
—	cna	CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CVSS scores (1)

Score	Severity	Version	Source	Vector
5.3	MEDIUM	3.1	adp	CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N

References (1)

https://wpscan.com/vulnerability/0cff6fb3-339b-4eb6-969b-b3a43613cc71/