{"api_version":"1","generated_at":"2026-06-26T19:42:37+00:00","cve":"CVE-2025-10268","urls":{"html":"https://cve.report/CVE-2025-10268","api":"https://cve.report/api/cve/CVE-2025-10268.json","docs":"https://cve.report/api","cve_org":"https://www.cve.org/CVERecord?id=CVE-2025-10268","nvd":"https://nvd.nist.gov/vuln/detail/CVE-2025-10268"},"summary":{"title":"Printcart Web to Print Product Designer for WooCommerce <= 2.4.8 - Unauthenticated Folder Content Disclosure via Path Traversal","description":"The Printcart Web to Print Product Designer for WooCommerce WordPress plugin through 2.4.8 is vulnerable to path traversal which makes it possible for the attacker to retrieve the directory listing for arbitrary directories on the server.","state":"PUBLISHED","assigner":"WPScan","published_at":"2026-06-26 07:16:21","updated_at":"2026-06-26 16:17:26"},"problem_types":["CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"metrics":[{"version":"3.1","source":"ADP","type":"DECLARED","score":"5.3","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","data":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":5.3,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","version":"3.1"}},{"version":"3.1","source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","score":"5.3","severity":"MEDIUM","vector":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","data":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"}}],"references":[{"url":"https://wpscan.com/vulnerability/0cff6fb3-339b-4eb6-969b-b3a43613cc71/","name":"https://wpscan.com/vulnerability/0cff6fb3-339b-4eb6-969b-b3a43613cc71/","refsource":"contact@wpscan.com","tags":[],"title":"","mime":"","httpstatus":"","archivestatus":"0"},{"url":"https://www.cve.org/CVERecord?id=CVE-2025-10268","name":"CVE Program record","refsource":"CVE.ORG","tags":["canonical"]},{"url":"https://nvd.nist.gov/vuln/detail/CVE-2025-10268","name":"NVD vulnerability detail","refsource":"NVD","tags":["canonical","analysis"]}],"affected":[{"source":"CNA","vendor":"Unknown","product":"Printcart Web to Print Product Designer for WooCommerce","version":"affected 2.4.8 semver","platforms":[]}],"timeline":[],"solutions":[],"workarounds":[],"exploits":[],"credits":[{"source":"CNA","value":"D01EXPLOIT OFFICIAL","lang":"en"},{"source":"CNA","value":"WPScan","lang":"en"}],"nvd_cpes":[],"vendor_comments":[],"enrichments":{"kev":null,"epss":null,"legacy_qids":[]},"source_records":{"cve_program":{"containers":{"adp":[{"metrics":[{"cvssV3_1":{"attackComplexity":"LOW","attackVector":"NETWORK","availabilityImpact":"NONE","baseScore":5.3,"baseSeverity":"MEDIUM","confidentialityImpact":"LOW","integrityImpact":"NONE","privilegesRequired":"NONE","scope":"UNCHANGED","userInteraction":"NONE","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","version":"3.1"}},{"other":{"content":{"id":"CVE-2025-10268","options":[{"Exploitation":"poc"},{"Automatable":"yes"},{"Technical Impact":"partial"}],"role":"CISA Coordinator","timestamp":"2026-06-26T12:18:40.996000Z","version":"2.0.3"},"type":"ssvc"}}],"providerMetadata":{"dateUpdated":"2026-06-26T12:18:49.371Z","orgId":"134c704f-9b21-4f2e-91b3-4a467353bcc0","shortName":"CISA-ADP"},"title":"CISA ADP Vulnrichment"}],"cna":{"affected":[{"defaultStatus":"unknown","product":"Printcart Web to Print Product Designer for WooCommerce","vendor":"Unknown","versions":[{"lessThanOrEqual":"2.4.8","status":"affected","version":"0","versionType":"semver"}]}],"credits":[{"lang":"en","type":"finder","value":"D01EXPLOIT OFFICIAL"},{"lang":"en","type":"coordinator","value":"WPScan"}],"descriptions":[{"lang":"en","value":"The Printcart Web to Print Product Designer for WooCommerce WordPress plugin through 2.4.8 is vulnerable to path traversal which makes it possible for the attacker to retrieve the directory listing for arbitrary directories on the server."}],"problemTypes":[{"descriptions":[{"description":"CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')","lang":"en","type":"CWE"}]}],"providerMetadata":{"dateUpdated":"2026-06-26T06:00:02.131Z","orgId":"1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81","shortName":"WPScan"},"references":[{"tags":["exploit","vdb-entry","technical-description"],"url":"https://wpscan.com/vulnerability/0cff6fb3-339b-4eb6-969b-b3a43613cc71/"}],"source":{"discovery":"EXTERNAL"},"title":"Printcart Web to Print Product Designer for WooCommerce <= 2.4.8 - Unauthenticated Folder Content Disclosure via Path Traversal","x_generator":{"engine":"WPScan CVE Generator"}}},"cveMetadata":{"assignerOrgId":"1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81","assignerShortName":"WPScan","cveId":"CVE-2025-10268","datePublished":"2026-06-26T06:00:02.131Z","dateReserved":"2025-09-11T12:30:32.763Z","dateUpdated":"2026-06-26T12:18:49.371Z","state":"PUBLISHED"},"dataType":"CVE_RECORD","dataVersion":"5.2"},"nvd":{"publishedDate":"2026-06-26 07:16:21","lastModifiedDate":"2026-06-26 16:17:26","problem_types":["CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"],"metrics":{"cvssMetricV31":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N","baseScore":5.3,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"LOW","integrityImpact":"NONE","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}],"ssvcV203":[{"source":"134c704f-9b21-4f2e-91b3-4a467353bcc0","ssvcData":{"timestamp":"2026-06-26T12:18:40.996000Z","id":"CVE-2025-10268","options":[{"exploitation":"poc"},{"automatable":"yes"},{"technicalImpact":"partial"}],"role":"CISA Coordinator","version":"2.0.3"}}]},"configurations":[]},"legacy_mitre":{"record":{"CveYear":"2025","CveId":"10268","Ordinal":"1","Title":"Printcart Web to Print Product Designer for WooCommerce <= 2.4.8","CVE":"CVE-2025-10268","Year":"2025"},"notes":[{"CveYear":"2025","CveId":"10268","Ordinal":"1","NoteData":"The Printcart Web to Print Product Designer for WooCommerce WordPress plugin through 2.4.8 is vulnerable to path traversal which makes it possible for the attacker to retrieve the directory listing for arbitrary directories on the server.","Type":"Description","Title":"Printcart Web to Print Product Designer for WooCommerce <= 2.4.8"}]}}}