CVSS: 7.5EPSS: %CPEs: 1EXPL: 0CVE-2025-48124 – Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light <= 2.4.37 - Unauthenticated Arbitrary File Download
https://notcve.org/view.php?id=CVE-2025-48124
30 May 2025 — The Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.4.37. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. • CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') •
CVSS: 9.8EPSS: %CPEs: 1EXPL: 0CVE-2025-48123 – Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light <= 2.4.37 - Unauthenticated Remote Code Execution
https://notcve.org/view.php?id=CVE-2025-48123
21 May 2025 — The Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 2.4.37. This makes it possible for unauthenticated attackers to execute code on the server. • CWE-94: Improper Control of Generation of Code ('Code Injection') •
CVSS: 9.8EPSS: %CPEs: 1EXPL: 0CVE-2025-48129 – Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light <= 2.4.37 - Unauthenticated Privilege Escalation
https://notcve.org/view.php?id=CVE-2025-48129
20 May 2025 — The Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light plugin for WordPress is vulnerable to Privilege Escalation in all versions up to, and including, 2.4.37. This makes it possible for unauthenticated attackers to register as an administrator. • CWE-266: Incorrect Privilege Assignment •
CVSS: 9.8EPSS: 0%CPEs: 1EXPL: 0CVE-2025-39378 – WordPress Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light plugin <= 2.4.37 - Local File Inclusion vulnerability
https://notcve.org/view.php?id=CVE-2025-39378
21 Apr 2025 — Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in Holest Engineering Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light allows PHP Local File Inclusion. This issue affects Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light: from n/a through 2.4.37. The Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light plugin for WordPress is vulnerable to Local File Inclusion in versions up to, and incl... • https://patchstack.com/database/wordpress/plugin/excel-like-price-change-for-woocommerce-and-wp-e-commerce-light/vulnerability/wordpress-spreadsheet-price-changer-for-woocommerce-and-wp-e-commerce-light-plugin-2-4-37-local-file-inclusion-vulnerability?_s_id=cve • CWE-98: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') •