Description
Unrestricted Upload of File with Dangerous Type vulnerability in printcart Printcart Web to Print Product Designer for WooCommerce printcart-integration allows Upload a Web Shell to a Web Server.This issue affects Printcart Web to Print Product Designer for WooCommerce: from n/a through <= 2.3.9.
Published: 2025-05-23
Score: 10 Critical
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability allows an attacker to upload files of any type to the web server. Because the plugin does not validate the file content, a malicious user could upload a web shell or other executable code and execute it. This leads to remote code execution on the affected site, enabling full compromise of the underlying server.

Affected Systems

The flaw exists in Printcart Web to Print Product Designer for WooCommerce, affecting all releases up to and including 2.3.9. Any WordPress site that has this plugin installed and not upgraded with a later version is vulnerable. The plugin is used by WooCommerce merchants and other e‑commerce customers.

Risk and Exploitability

The CVSS score of 10 indicates maximum severity. The EPSS score of <1% shows that exploitation attempts are currently rare, but the lack of any restrictions in the upload path suggests that attackers could target the plugin from any user session, possibly even unauthenticated, once a staging/guest upload point is found. The vulnerability is not yet listed in CISA KEV, but should be treated as high‑risk due to potential RCE.

Generated by OpenCVE AI on April 30, 2026 at 12:25 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Printcart Web to Print Product Designer for WooCommerce to the latest available version (>=2.4).
  • If an upgrade is not possible, disable the plugin’s upload functionality by removing the upload endpoint or configuring plugin settings to block file uploads.
  • Restrict direct access to the site’s uploads directory with server configuration (e.g., .htaccess) and block execution of any uploaded scripts.
  • Regularly scan the uploads directory for unexpected executable files and monitor web server logs for suspicious upload activity.

Generated by OpenCVE AI on April 30, 2026 at 12:25 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-28108 Unrestricted Upload of File with Dangerous Type vulnerability in printcart Printcart Web to Print Product Designer for WooCommerce allows Upload a Web Shell to a Web Server. This issue affects Printcart Web to Print Product Designer for WooCommerce: from n/a through 2.3.8.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 10, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H'}

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description Unrestricted Upload of File with Dangerous Type vulnerability in printcart Printcart Web to Print Product Designer for WooCommerce allows Upload a Web Shell to a Web Server. This issue affects Printcart Web to Print Product Designer for WooCommerce: from n/a through 2.3.8. Unrestricted Upload of File with Dangerous Type vulnerability in printcart Printcart Web to Print Product Designer for WooCommerce printcart-integration allows Upload a Web Shell to a Web Server.This issue affects Printcart Web to Print Product Designer for WooCommerce: from n/a through <= 2.3.9.
Title WordPress Printcart Web to Print Product Designer for WooCommerce <= 2.3.8 - Arbitrary File Upload Vulnerability WordPress Printcart Web to Print Product Designer for WooCommerce plugin <= 2.3.9 - Arbitrary File Upload Vulnerability
References
Metrics cvssV3_1

{'score': 10, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H'}

Fri, 23 May 2025 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Fri, 23 May 2025 13:00:00 +0000

Type Values Removed Values Added
Description Unrestricted Upload of File with Dangerous Type vulnerability in printcart Printcart Web to Print Product Designer for WooCommerce allows Upload a Web Shell to a Web Server. This issue affects Printcart Web to Print Product Designer for WooCommerce: from n/a through 2.3.8.
Title WordPress Printcart Web to Print Product Designer for WooCommerce <= 2.3.8 - Arbitrary File Upload Vulnerability
Weaknesses CWE-434
References
Metrics cvssV3_1

{'score': 10, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H'}

Subscriptions

Woocommerce Woocommerce
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:12:47.929Z

Reserved: 2025-05-07T10:45:05.653Z

Link: CVE-2025-47641

cve-icon Vulnrichment

Updated: 2025-05-23T17:02:29.925Z

cve-icon NVD

Status : Deferred

Published: 2025-05-23T13:15:41.620

Modified: 2026-04-23T15:30:39.780

Link: CVE-2025-47641

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-30T12:30:16Z

Weaknesses