Impact
The vulnerability is a classic path traversal flaw that lets an attacker manipulate file paths and read arbitrary files on the server. It exists in the WooCommerce Payment Gateway for Saferpay plugin because of improper handling of slashes in user-supplied input. If exploited, an attacker could retrieve sensitive configuration files, credentials, or other confidential data stored on the web server, potentially leading to further compromise. Based on the description, it is inferred that an attacker could trigger this flaw by sending a crafted HTTP request to the WordPress site containing malicious path input.
Affected Systems
WooCommerce Payment Gateway for Saferpay, a WordPress plugin developed by Stefan Keller. Versions up to and including 0.4.9 are affected; any release newer than 0.4.9 is considered safe.
Risk and Exploitability
The CVSS score of 7.5 indicates a high-severity vulnerability. The EPSS score of less than 1% signals that, despite the seriousness, the probability of real-world exploitation is currently low, and the vulnerability is not listed in the CISA KEV catalog. Attackers can reach the vulnerable code through a web request to the WordPress site, exploiting the plugin's lack of proper path validation. Based on the description, it is inferred that the vulnerability can be exploited without authentication, as the path traversal flaw is triggered by accessing the plugin interface via standard HTTP requests. Because the attack does not require privileged credentials, the risk is significant for sites that rely on the plugin without additional safeguards.
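The "improper handling of slashes" described in the Impact and Risk sections above is the kind of gap a separator-only filter leaves open. The following PHP is an added illustration written for this page, not code from the Saferpay plugin or its author: it contrasts a weak filter that only strips the literal `../` sequence with a containment check that rejects both slash kinds and verifies the canonical path against the allowed base directory. All function names and the temporary directory are assumptions; `str_starts_with` requires PHP 8.0 or later.

```php
<?php
// Added illustration (not the plugin's code): confine a user-supplied file
// name to one base directory. Function names here are hypothetical.

function naive_is_safe(string $userPath): bool {
    // Weak check: only the literal "../" is considered. Backslashes and mixed
    // separators pass untouched, which is the gap a slash-handling bug leaves.
    return str_replace('../', '', $userPath) === $userPath;
}

function resolve_in_base(string $baseDir, string $userPath): ?string {
    // Accept only a plain file name: no "/" or "\", no NUL byte, no dot names.
    if ($userPath === '' || $userPath === '.' || $userPath === '..'
        || preg_match('#[\\\\/\x00]#', $userPath)) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // realpath() collapses "..", symlinks and duplicate separators, so the
    // prefix check runs on the canonical form rather than the raw input.
    $candidate = realpath($base . DIRECTORY_SEPARATOR . $userPath);
    if ($candidate === false
        || !str_starts_with($candidate, $base . DIRECTORY_SEPARATOR)) {
        return null;
    }
    return $candidate;
}

// Self-contained demo on a constructed temporary directory.
$base = sys_get_temp_dir() . '/traversal_demo_' . bin2hex(random_bytes(4));
mkdir($base, 0700, true);
file_put_contents($base . '/ok.txt', 'fine');

var_dump(naive_is_safe('..\\..\\wp-config.php'));        // bool(true): weak check passes it
var_dump(resolve_in_base($base, 'ok.txt') !== null);      // bool(true): allowed
var_dump(resolve_in_base($base, '../wp-config.php'));     // NULL: rejected
var_dump(resolve_in_base($base, '..\\wp-config.php'));    // NULL: rejected

unlink($base . '/ok.txt');
rmdir($base);
```

The containment check deliberately refuses any separator rather than trying to normalise it, since the safe set (a single file name inside the base directory) is far easier to allow-list than the unsafe set is to deny-list.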