{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2026-2421", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2026-02-12T20:06:45.334Z", "datePublished": "2026-03-20T08:25:57.708Z", "dateUpdated": "2026-03-20T08:25:57.708Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-03-20T08:25:57.708Z"}, "affected": [{"vendor": "ghera74", "product": "ilGhera Carta Docente for WooCommerce", "versions": [{"version": "*", "status": "affected", "lessThanOrEqual": "1.5.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The ilGhera Carta Docente for WooCommerce plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.0 via the 'cert' parameter of the 'wccd-delete-certificate' AJAX action. This is due to insufficient file path validation before performing a file deletion. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, such as wp-config.php, which can make site takeover and remote code execution possible."}], "title": "ilGhera Carta Docente for WooCommerce <= 1.5.0 - Authenticated (Administrator+) Path Traversal to Arbitrary File Deletion via 'cert' Parameter", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7aab1307-7fb5-46fb-ae12-087dce3086fc?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/wc-carta-docente/trunk/includes/class-wccd-admin.php#L88"}, {"url": "https://plugins.trac.wordpress.org/browser/wc-carta-docente/tags/1.4.7/includes/class-wccd-admin.php#L88"}, {"url": "https://plugins.trac.wordpress.org/browser/wc-carta-docente/tags/1.5.1/includes/class-wccd-admin.php#L80"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "cweId": "CWE-22", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", "baseScore": 6.5, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Abhirup Konwar"}], "timeline": [{"time": "2026-02-12T20:08:07.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2026-03-19T20:03:09.000Z", "lang": "en", "value": "Disclosed"}]}}}

{}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The ilGhera Carta Docente for WooCommerce plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.0 via the 'cert' parameter of the 'wccd-delete-certificate' AJAX action. This is due to insufficient file path validation before performing a file deletion. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, such as wp-config.php, which can make site takeover and remote code execution possible."}], "id": "CVE-2026-2421", "lastModified": "2026-03-20T09:16:14.127", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 6.5, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.2, "source": "security@wordfence.com", "type": "Primary"}]}, "published": "2026-03-20T09:16:14.127", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/wc-carta-docente/tags/1.4.7/includes/class-wccd-admin.php#L88"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/wc-carta-docente/tags/1.5.1/includes/class-wccd-admin.php#L80"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/wc-carta-docente/trunk/includes/class-wccd-admin.php#L88"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/7aab1307-7fb5-46fb-ae12-087dce3086fc?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Received", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "security@wordfence.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-03-20T09:51:10.322421+00:00", "value": {"mitigation_remediation": ["Update the ilGhera Carta Docente for WooCommerce plugin to version 1.5.1 or later.", "If an update is not immediately possible, disable the plugin to prevent the deletion action.", "Restrict file deletion capabilities by adjusting file permissions or using a security plugin to limit admin actions.", "Monitor server logs for unexpected file deletion attempts.", "Apply the principle of least privilege to all user accounts, ensuring only necessary accounts have Administrator privileges."], "summary": {"action": "Immediate Patch", "impact": "Arbitrary File Deletion via authenticated path traversal"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the ghera74 ilGhera Carta Docente for WooCommerce plugin for WordPress versions 1.5.0 and earlier. No newer versions are listed as affected.", "description_and_impact": "The vulnerability is a path traversal flaw in the ilGhera Carta Docente for WooCommerce plugin. The flaw arises because the 'cert' parameter of the 'wccd-delete-certificate' AJAX action is not properly validated, allowing an authenticated user with Administrator level or higher to delete any file on the server. This could lead to removal of critical files such as wp\u2011config.php, enabling site takeover or remote code execution. The weakness is identified as CWE\u201122.", "risk_and_exploitability": "The CVSS score of 6.5 indicates medium severity. No EPSS data is available and the vulnerability is not listed in the CISA KEV catalog. Exploitation requires an account with Administrator privileges or higher, meaning that a compromised or poorly protected WordPress installation is at risk. According to the description, an attacker can delete arbitrary files on the server, which could lead to total site compromise if critical configuration files are removed."}}}}, "created": "2026-03-20T10:36:35.659409+00:00", "updated": "2026-03-20T10:36:35.659435+00:00", "vendors": []}