CVE-2025-6440 - Vulnerability Details

- WooCommerce Designer Pro <= 1.9.26 - Unauthenticated Arbitrary File Upload

Description

The WooCommerce Designer Pro plugin for WordPress, used by the Pricom - Printing Company & Design Services WordPress theme, is vulnerable to arbitrary file uploads due to missing file type validation in the 'wcdp_save_canvas_design_ajax' function in all versions up to, and including, 1.9.26. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.

Published: 2025-10-24

Score: 9.8 Critical

EPSS: < 1% Very Low

KEV: No

Impact:

Action:

Analysis

Impact

WooCommerce Designer Pro implements an AJAX endpoint, wcdp_save_canvas_design_ajax, that accepts file uploads with no validation of file type. An unauthenticated attacker can therefore upload any file to the site’s server, and if a malicious script is uploaded the attacker may achieve arbitrary code execution on the server. The weakness is identified as CWE‑434 and can compromise the confidentiality, integrity, and availability of the website.

Affected Systems

WordPress sites that have the WooCommerce Designer Pro plugin from JMA Plugins installed at version 1.9.26 or older. The plugin is commonly used with the Pricom – Printing Company & Design Services WordPress theme, so any site using that theme with a vulnerable version of the plugin is affected.

Risk and Exploitability

The vulnerability has a CVSS score of 9.8, indicating very high impact, while the EPSS score is less than 1 %, suggesting a low overall probability of exploitation at present. It is not listed in CISA’s KEV catalog. Attackers only need unauthenticated access to the endpoint to upload a file; no further credentials or privileged actions are required. If code execution is achieved, the attacker can maintain persistent control or exfiltrate data.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

JMA Plugins

WooCommerce Designer Pro

unaffected

Version	Status	Constraints
`0`	affected	≤ 1.9.26

No data.

Vendor	Product	Confidence	Versions
Jma Plugins	Woocommerce Designer Pro	—	—
Wordpress	Wordpress	—	—

Found an issue or want to improve our Enrichment? You can suggest it directly by opening an issue on our dedicated GitHub repository .

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Upgrade WooCommerce Designer Pro to version 1.9.27 or later.
Restrict uploads so that only valid image formats are accepted, and remove execution permissions from the upload directory.
Deploy a web application firewall or similar controls to block malicious upload attempts to the AJAX endpoint.

Generated by OpenCVE AI on April 20, 2026 at 19:08 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.00351.

Exploitation none

Automatable yes

Technical Impact total

References

Link	Providers
https://codecanyon.net/item/woocommerce-designer-pro-cmyk-card-flyer/22027731
https://www.wordfence.com/threat-intel/vulnerabilities/id/cc2f8da1-7503-45e3-8a7d-0031ce264edf?source=cve

History

Mon, 27 Oct 2025 22:30:00 +0000

Type	Values Removed	Values Added
First Time appeared		Jma Plugins Jma Plugins woocommerce Designer Pro Wordpress Wordpress wordpress
Vendors & Products		Jma Plugins Jma Plugins woocommerce Designer Pro Wordpress Wordpress wordpress

Fri, 24 Oct 2025 17:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}`

Fri, 24 Oct 2025 07:45:00 +0000

Type	Values Removed	Values Added
Description		The WooCommerce Designer Pro plugin for WordPress, used by the Pricom - Printing Company & Design Services WordPress theme, is vulnerable to arbitrary file uploads due to missing file type validation in the 'wcdp_save_canvas_design_ajax' function in all versions up to, and including, 1.9.26. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
Title		WooCommerce Designer Pro <= 1.9.26 - Unauthenticated Arbitrary File Upload
Weaknesses		CWE-434
References		https://codecanyon.net/item/woocommerce-designer-pro-cmyk-card-flyer/22027731 https://www.wordfence.com/threat-intel/vulnerabilities/id/cc2f8da1-7503-45e3-8a7d-0031ce264edf?source=cve
Metrics		cvssV3_1 `{'score': 9.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H'}`

Subscriptions

Jma Plugins Woocommerce Designer Pro

Wordpress Wordpress

MITRE

Status: PUBLISHED

Assigner: Wordfence

Published: 2025-10-24T07:23:28.109Z

Updated: 2026-04-08T17:23:42.041Z

Reserved: 2025-06-20T17:05:55.640Z

Link: CVE-2025-6440

Vulnrichment

Updated: 2025-10-24T16:51:06.748Z

NVD

Status : Deferred

Published: 2025-10-24T08:15:34.750

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-6440

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-20T19:15:15Z

Weaknesses

CWE-434

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required None

Scope Unchanged

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable yes

Technical Impact total

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object