Vulnerability-Lookup

CNVD-2026-23812

Vulnerability from cnvd - Published: 2026-06-12

Title

WordPress插件Recover Exit For WooCommerce文件包含漏洞

Description

WordPress是一套使用PHP语言开发的博客平台。该平台具有在基于PHP和MySQL的服务器上架设个人博客网站的功能。WordPress plugin是一个应用插件。 WordPress插件Recover Exit For WooCommerce存在文件包含漏洞，该漏洞源于对用户控制的tpf POST参数验证和清理不足，未经身份验证的攻击者可利用该漏洞进行路径遍历并包含意外的本地PHP文件，导致敏感信息泄露和代码执行。

Severity

高

Formal description

厂商尚未提供漏洞修复方案，请关注厂商主页更新： https://www.wordfence.com/threat-intel/vulnerabilities/id/10552714-c8fb-455c-ad61-c0ef2db4b69f?source=cve

Reference

https://nvd.nist.gov/vuln/detail/CVE-2026-9662

Impacted products

Name
WordPress Recover Exit For WooCommerce <=1.0.3

Show details on source website

JSON

To clipboard

{
  "cves": {
    "cve": {
      "cveNumber": "CVE-2026-9662",
      "cveUrl": "https://nvd.nist.gov/vuln/detail/CVE-2026-9662"
    }
  },
  "description": "WordPress\u662f\u4e00\u5957\u4f7f\u7528PHP\u8bed\u8a00\u5f00\u53d1\u7684\u535a\u5ba2\u5e73\u53f0\u3002\u8be5\u5e73\u53f0\u5177\u6709\u5728\u57fa\u4e8ePHP\u548cMySQL\u7684\u670d\u52a1\u5668\u4e0a\u67b6\u8bbe\u4e2a\u4eba\u535a\u5ba2\u7f51\u7ad9\u7684\u529f\u80fd\u3002WordPress plugin\u662f\u4e00\u4e2a\u5e94\u7528\u63d2\u4ef6\u3002\n\nWordPress\u63d2\u4ef6Recover Exit For WooCommerce\u5b58\u5728\u6587\u4ef6\u5305\u542b\u6f0f\u6d1e\uff0c\u8be5\u6f0f\u6d1e\u6e90\u4e8e\u5bf9\u7528\u6237\u63a7\u5236\u7684tpf POST\u53c2\u6570\u9a8c\u8bc1\u548c\u6e05\u7406\u4e0d\u8db3\uff0c\u672a\u7ecf\u8eab\u4efd\u9a8c\u8bc1\u7684\u653b\u51fb\u8005\u53ef\u5229\u7528\u8be5\u6f0f\u6d1e\u8fdb\u884c\u8def\u5f84\u904d\u5386\u5e76\u5305\u542b\u610f\u5916\u7684\u672c\u5730PHP\u6587\u4ef6\uff0c\u5bfc\u81f4\u654f\u611f\u4fe1\u606f\u6cc4\u9732\u548c\u4ee3\u7801\u6267\u884c\u3002",
  "formalWay": "\u5382\u5546\u5c1a\u672a\u63d0\u4f9b\u6f0f\u6d1e\u4fee\u590d\u65b9\u6848\uff0c\u8bf7\u5173\u6ce8\u5382\u5546\u4e3b\u9875\u66f4\u65b0\uff1a\r\nhttps://www.wordfence.com/threat-intel/vulnerabilities/id/10552714-c8fb-455c-ad61-c0ef2db4b69f?source=cve",
  "isEvent": "\u901a\u7528\u8f6f\u786c\u4ef6\u6f0f\u6d1e",
  "number": "CNVD-2026-23812",
  "openTime": "2026-06-12",
  "products": {
    "product": "WordPress Recover Exit For WooCommerce \u003c=1.0.3"
  },
  "referenceLink": "https://nvd.nist.gov/vuln/detail/CVE-2026-9662",
  "serverity": "\u9ad8",
  "submitTime": "2026-06-10",
  "title": "WordPress\u63d2\u4ef6Recover Exit For WooCommerce\u6587\u4ef6\u5305\u542b\u6f0f\u6d1e"
}

CVE-2026-9662 (GCVE-0-2026-9662)

Vulnerability from cvelistv5 – Published: 2026-06-09 03:41 – Updated: 2026-06-09 14:55

Title

Recover Exit For WooCommerce <= 1.0.3 - Unauthenticated Local File Inclusion via 'tpf' Parameter

Summary

The Recover Exit For WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to and including 1.0.3. This is due to insufficient validation and sanitization of the user-controlled `tpf` POST parameter before it is used in an `include()` path in the `recover_exit()` function. This makes it possible for unauthenticated attackers to perform path traversal and include unintended local PHP files, which can lead to sensitive information exposure and, in certain deployment chains, code execution.

Severity

8.1 (High)


                        
                          CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H

SSVC

Exploitation: none Automatable: no Technical Impact: total

CISA Coordinator (v2.0.3)

CWE

CWE-98 - Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')

Assigner

Wordfence

References

7 references

URL	Tags
https://www.wordfence.com/threat-intel/vulnerabil…
https://plugins.trac.wordpress.org/browser/recove…
https://plugins.trac.wordpress.org/browser/recove…
https://plugins.trac.wordpress.org/browser/recove…
https://plugins.trac.wordpress.org/browser/recove…
https://plugins.trac.wordpress.org/browser/recove…
https://plugins.trac.wordpress.org/browser/recove…

Impacted products

1 product

Vendor	Product	Version
plasmatizemedia	Recover Exit For WooCommerce	Affected: 0 , ≤ 1.0.3 (semver)

Credits

Le Nguyen Khang

Show details on NVD website

JSON

To clipboard

{
  "containers": {
    "adp": [
      {
        "metrics": [
          {
            "other": {
              "content": {
                "id": "CVE-2026-9662",
                "options": [
                  {
                    "Exploitation": "none"
                  },
                  {
                    "Automatable": "no"
                  },
                  {
                    "Technical Impact": "total"
                  }
                ],
                "role": "CISA Coordinator",
                "timestamp": "2026-06-09T14:51:12.982966Z",
                "version": "2.0.3"
              },
              "type": "ssvc"
            }
          }
        ],
        "providerMetadata": {
          "dateUpdated": "2026-06-09T14:55:09.688Z",
          "orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0",
          "shortName": "CISA-ADP"
        },
        "title": "CISA ADP Vulnrichment"
      }
    ],
    "cna": {
      "affected": [
        {
          "defaultStatus": "unaffected",
          "product": "Recover Exit For WooCommerce",
          "vendor": "plasmatizemedia",
          "versions": [
            {
              "lessThanOrEqual": "1.0.3",
              "status": "affected",
              "version": "0",
              "versionType": "semver"
            }
          ]
        }
      ],
      "credits": [
        {
          "lang": "en",
          "type": "finder",
          "value": "Le Nguyen Khang"
        }
      ],
      "descriptions": [
        {
          "lang": "en",
          "value": "The Recover Exit For WooCommerce plugin for WordPress is vulnerable to Local File Inclusion in all versions up to and including 1.0.3. This is due to insufficient validation and sanitization of the user-controlled `tpf` POST parameter before it is used in an `include()` path in the `recover_exit()` function. This makes it possible for unauthenticated attackers to perform path traversal and include unintended local PHP files, which can lead to sensitive information exposure and, in certain deployment chains, code execution."
        }
      ],
      "metrics": [
        {
          "cvssV3_1": {
            "baseScore": 8.1,
            "baseSeverity": "HIGH",
            "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H",
            "version": "3.1"
          }
        }
      ],
      "problemTypes": [
        {
          "descriptions": [
            {
              "cweId": "CWE-98",
              "description": "CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program (\u0027PHP Remote File Inclusion\u0027)",
              "lang": "en",
              "type": "CWE"
            }
          ]
        }
      ],
      "providerMetadata": {
        "dateUpdated": "2026-06-09T03:41:18.003Z",
        "orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
        "shortName": "Wordfence"
      },
      "references": [
        {
          "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/10552714-c8fb-455c-ad61-c0ef2db4b69f?source=cve"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/recoverexit-for-woocommerce/trunk/recover_exit_main.php#L42"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/recoverexit-for-woocommerce/tags/1.0.3/recover_exit_main.php#L42"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/recoverexit-for-woocommerce/trunk/recover_exit_main.php#L41"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/recoverexit-for-woocommerce/tags/1.0.3/recover_exit_main.php#L41"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/recoverexit-for-woocommerce/trunk/recoverexit_woocommerce.php#L52"
        },
        {
          "url": "https://plugins.trac.wordpress.org/browser/recoverexit-for-woocommerce/tags/1.0.3/recoverexit_woocommerce.php#L52"
        }
      ],
      "timeline": [
        {
          "lang": "en",
          "time": "2026-06-08T15:06:35.000Z",
          "value": "Disclosed"
        }
      ],
      "title": "Recover Exit For WooCommerce \u003c= 1.0.3 - Unauthenticated Local File Inclusion via \u0027tpf\u0027 Parameter"
    }
  },
  "cveMetadata": {
    "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599",
    "assignerShortName": "Wordfence",
    "cveId": "CVE-2026-9662",
    "datePublished": "2026-06-09T03:41:18.003Z",
    "dateReserved": "2026-05-26T22:28:08.137Z",
    "dateUpdated": "2026-06-09T14:55:09.688Z",
    "state": "PUBLISHED"
  },
  "dataType": "CVE_RECORD",
  "dataVersion": "5.2"
}

Sightings

Author	Source	Type	Date	Other

Nomenclature

Seen: The vulnerability was mentioned, discussed, or observed by the user.
Confirmed: The vulnerability has been validated from an analyst's perspective.
Published Proof of Concept: A public proof of concept is available for this vulnerability.
Exploited: The vulnerability was observed as exploited by the user who reported the sighting.
Patched: The vulnerability was observed as successfully patched by the user who reported the sighting.
Not exploited: The vulnerability was not observed as exploited by the user who reported the sighting.
Not confirmed: The user expressed doubt about the validity of the vulnerability.
Not patched: The vulnerability was not observed as successfully patched by the user who reported the sighting.

Detection rules are retrieved from Rulezet.

Action not permitted

CNVD-2026-23812

CVE-2026-9662 (GCVE-0-2026-9662)

Tags

Sightings

Nomenclature