Description
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in icopydoc YML for Yandex Market yml-for-yandex-market allows Path Traversal.This issue affects YML for Yandex Market: from n/a through < 5.3.0.
Published: 2026-03-25
Score: 6.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Arbitrary file deletion potentially causing data loss or denial of service
Action: Immediate Patch
AI Analysis

Impact

The flaw allows an attacker to traverse the filesystem and delete files from within the WordPress installation. This executes a path traversal attack that can remove critical data, configuration files, or service components, thereby disrupting website availability. It is a classic CWE‑22 weakness.

Affected Systems

The vulnerability affects the WordPress plugin YML for Yandex Market published by icopydoc. All releases prior to version 5.3.0 are susceptible; versions 5.3.0 and later include the fix.

Risk and Exploitability

The CVSS score of 6.8 denotes moderate severity. No EPSS score is reported, and the issue is not listed in CISA's Known Exploited Vulnerabilities catalog. The attack is likely to be carried out through the plugin’s interface, with a remote user crafting a path traversal payload.

Generated by OpenCVE AI on March 25, 2026 at 22:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade YML for Yandex Market to version 5.3.0 or newer
  • If an upgrade cannot be performed immediately, disable or uninstall the plugin to eliminate the vulnerability
  • Restrict file system permissions on the plugin’s directories to prevent unauthorized deletion

Generated by OpenCVE AI on March 25, 2026 at 22:21 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

History

Thu, 26 Mar 2026 12:00:00 +0000

Type Values Removed Values Added
First Time appeared Icopydoc
Icopydoc yml For Yandex Market
Wordpress
Wordpress wordpress
Vendors & Products Icopydoc
Icopydoc yml For Yandex Market
Wordpress
Wordpress wordpress

Wed, 25 Mar 2026 20:15:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 6.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N'}

ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Wed, 25 Mar 2026 16:45:00 +0000

Type Values Removed Values Added
Description Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in icopydoc YML for Yandex Market yml-for-yandex-market allows Path Traversal.This issue affects YML for Yandex Market: from n/a through < 5.3.0.
Title WordPress YML for Yandex Market plugin < 5.3.0 - Arbitrary File Deletion vulnerability
Weaknesses CWE-22
References

Subscriptions

Icopydoc Yml For Yandex Market
Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-03-25T19:19:46.524Z

Reserved: 2026-03-12T11:12:48.312Z

Link: CVE-2026-32567

cve-icon Vulnrichment

Updated: 2026-03-25T19:19:28.179Z

cve-icon NVD

Status : Deferred

Published: 2026-03-25T17:17:08.797

Modified: 2026-04-24T16:35:20.070

Link: CVE-2026-32567

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-03-26T12:12:07Z

Weaknesses