Description
The WooCommerce Refund And Exchange with RMA - Warranty Management, Refund Policy, Manage User Wallet theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'ced_rnx_order_exchange_attach_files' function in all versions up to, and including, 3.2.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
Published: 2025-07-18
Score: 9.8 Critical
EPSS: 1.4% Low
KEV: No
Impact: Remote Code Execution
Action: Immediate Patch
AI Analysis

Impact

The vulnerability allows an unauthenticated attacker to upload files of any type because the function ced_rnx_order_exchange_attach_files does not validate the file’s MIME type or extension. This flaw is classified as CWE-434. An attacker could place a PHP, .htaccess, or other executable file on the server and then execute it via the web server, giving full remote code execution on the WordPress site. The impact is a complete compromise of confidentiality, integrity, and availability for the affected website.

Affected Systems

The flaw exists in the WP Swings WooCommerce Refund And Exchange with RMA – Warranty Management, Refund Policy, Manage User Wallet add‑on for WordPress. Versions 3.2.6 and earlier are vulnerable. Sites using any of those versions hosted on a standard WordPress installation are at risk.

Risk and Exploitability

The CVSS score of 9.8 indicates a critical vulnerability. The EPSS score of <1% reflects a low estimated probability of exploitation in the wild at the time of analysis. The flaw is not listed in the CISA KEV catalog, but the absence of any authentication requirement combined with the ability to upload arbitrary files makes it straightforward in principle for an attacker to locate the upload endpoint and place malicious content. The attack is delivered over the network through an unauthenticated HTTP request, and the attacker could then execute the uploaded file if the web server treats files in the upload location as executable.

Generated by OpenCVE AI on April 21, 2026 at 19:40 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the WP Swings WooCommerce Refund And Exchange with RMA – Warranty Management, Refund Policy, Manage User Wallet plugin to the latest version (≥3.2.7) where file type validation has been added.
  • If an upgrade cannot be performed immediately, disable the ced_rnx_order_exchange_attach_files upload feature or restrict the upload form so that files are stored in a non‑executable directory.
  • Deploy a web application firewall or use a WordPress security plugin to block arbitrary file uploads, permitting only safe file extensions (e.g., images).
  • Ensure the WordPress user role that handles uploads has the least privileges necessary, typically limiting the ability to create executables.
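As an added illustration of the missing validation (not the plugin's own code), the handler below shows how a WordPress upload endpoint for exchange attachments can enforce the checks the Recommended Actions call for: an authenticated caller, an extension allowlist, content sniffing through wp_check_filetype_and_ext, and storage under a dedicated subdirectory that the deployer marks non-executable. The function names, the nonce action and the 'attachment' form field are assumptions.

```php
<?php
// Added example, not the plugin's code. Function names, the nonce action
// 'rma_exchange_upload' and the 'attachment' field name are assumptions.
require_once ABSPATH . 'wp-admin/includes/file.php';

function rma_example_attach_file(): array {
    // 1. Never accept uploads from unauthenticated callers: require a
    //    logged-in user and a nonce tied to the exchange form.
    if ( ! is_user_logged_in() || ! check_ajax_referer( 'rma_exchange_upload', 'nonce', false ) ) {
        return array( 'error' => 'Authentication required.' );
    }
    if ( empty( $_FILES['attachment'] ) || UPLOAD_ERR_OK !== $_FILES['attachment']['error'] ) {
        return array( 'error' => 'No file uploaded.' );
    }
    $file = $_FILES['attachment'];

    // 2. Allow-list only what an exchange request legitimately needs
    //    (photos of the item, a receipt); everything else is rejected.
    $allowed = array(
        'jpg|jpeg' => 'image/jpeg',
        'png'      => 'image/png',
        'pdf'      => 'application/pdf',
    );

    // 3. Normalise the name and reject dotfiles (.htaccess, .user.ini)
    //    and multiple extensions outright.
    $name = sanitize_file_name( $file['name'] );
    if ( '' === $name || '.' === $name[0] || 1 !== substr_count( $name, '.' ) ) {
        return array( 'error' => 'Invalid file name.' );
    }

    // 4. Check extension AND content together: WordPress sniffs the real
    //    type, so a script renamed to .jpg yields an empty ext/type here.
    //    A non-empty proper_filename means the content did not match the
    //    claimed extension; treat that as a rejection rather than a rename.
    $check = wp_check_filetype_and_ext( $file['tmp_name'], $name, $allowed );
    if ( empty( $check['ext'] ) || empty( $check['type'] ) || ! empty( $check['proper_filename'] ) ) {
        return array( 'error' => 'File type not permitted.' );
    }
    $file['name'] = $name;

    // 5. Store through wp_handle_upload with the same allow-list, under a
    //    dedicated subdirectory; the deployer disables script execution
    //    there (.htaccess or an nginx location rule) per the actions above.
    add_filter( 'upload_dir', 'rma_example_upload_subdir' );
    $result = wp_handle_upload( $file, array( 'test_form' => false, 'mimes' => $allowed ) );
    remove_filter( 'upload_dir', 'rma_example_upload_subdir' );
    return $result; // array with 'file', 'url', 'type', or array( 'error' => ... )
}

function rma_example_upload_subdir( array $dirs ): array {
    $dirs['subdir'] = '/rma-attachments';
    $dirs['path']   = $dirs['basedir'] . $dirs['subdir'];
    $dirs['url']    = $dirs['baseurl'] . $dirs['subdir'];
    return $dirs;
}
```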



Advisories

Source: EUVD
ID: EUVD-2025-21855
Title: The WooCommerce Refund And Exchange with RMA - Warranty Management, Refund Policy, Manage User Wallet theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'ced_rnx_order_exchange_attach_files' function in all versions up to, and including, 3.2.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.

History

Fri, 18 Jul 2025 15:15:00 +0000

Type | Values Removed | Values Added
Metrics (ssvc) | | {'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Fri, 18 Jul 2025 05:30:00 +0000

Type | Values Removed | Values Added
Description | | The WooCommerce Refund And Exchange with RMA - Warranty Management, Refund Policy, Manage User Wallet theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'ced_rnx_order_exchange_attach_files' function in all versions up to, and including, 3.2.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
Title | | WooCommerce Refund And Exchange with RMA - Warranty Management, Refund Policy, Manage User Wallet <= 3.2.6 - Unauthenticated Arbitrary File Upload
Weaknesses | | CWE-434
References | |
Metrics (cvssV3_1) | | {'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}



MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-04-08T16:45:59.769Z

Reserved: 2025-06-17T22:31:51.523Z

Link: CVE-2025-6222

Vulnrichment

Updated: 2025-07-18T14:54:29.548Z

NVD

Status : Deferred

Published: 2025-07-18T06:15:26.730

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-6222

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-21T19:45:16Z

Weaknesses