CVE-2026-2421

ilGhera Carta Docente for WooCommerce <= 1.5.0 - Authenticated (Administrator+) Path Traversal to Arbitrary File Deletion via 'cert' Parameter

Severity Score

6.5

*CVSS v3.1

Exploit Likelihood

*EPSS

Affected Versions

*CPE

Public Exploits

*Multiple Sources

Exploited in Wild

*KEV

Decision

Track

*SSVC

Descriptions

The ilGhera Carta Docente for WooCommerce plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.0 via the 'cert' parameter of the 'wccd-delete-certificate' AJAX action. This is due to insufficient file path validation before performing a file deletion. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, such as wp-config.php, which can make site takeover and remote code execution possible.

El plugin ilGhera Carta Docente para WooCommerce para WordPress es vulnerable a salto de ruta en todas las versiones hasta la 1.5.0, inclusive, a través del parámetro 'cert' de la acción AJAX 'wccd-delete-certificate'. Esto se debe a una validación insuficiente de la ruta del archivo antes de realizar una eliminación de archivo. Esto hace posible que atacantes autenticados, con acceso de nivel de Administrador o superior, eliminen archivos arbitrarios en el servidor, como wp-config.php, lo que puede hacer posible la toma de control del sitio y la ejecución remota de código.

*Credits: Abhirup Konwar

CVSS Scores

Wordfencev3.1 6.5

Attack Vector

Network

Attack Complexity

Low

Privileges Required

High

User Interaction

None

Scope

Unchanged

Confidentiality

None

Integrity

High

Availability

High

* Common Vulnerability Scoring System

SSVC

Decision:Track

Exploitation

None

Automatable

Tech. Impact

Partial

* Organization's Worst-case Scenario

Timeline

2026-02-12 CVE Reserved
2026-03-20 CVE Published
2026-03-20 CVE Updated
2026-03-26 EPSS Updated
---------- Exploited in Wild
---------- KEV Due Date
---------- First Exploit

CWE

CWE-22: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

CAPEC

References (4)

URL	Tag	Source
https://plugins.trac.wordpress.org/browser/wc-carta-docente/tags/1.4.7/includes/class-wccd-admin.php#L88
https://plugins.trac.wordpress.org/browser/wc-carta-docente/tags/1.5.1/includes/class-wccd-admin.php#L80
https://plugins.trac.wordpress.org/browser/wc-carta-docente/trunk/includes/class-wccd-admin.php#L88
https://www.wordfence.com/threat-intel/vulnerabilities/id/7aab1307-7fb5-46fb-ae12-087dce3086fc?source=cve

URL	Date	SRC

URL	Date	SRC

URL	Date	SRC

Affected Vendors, Products, and Versions

Vendor		Product				Version		Other		Status
Vendor	Product	Version	Other	Status	<-- -->	Vendor	Product	Version	Other	Status
Ghera74 Search vendor "Ghera74"		IlGhera Carta Docente For WooCommerce Search vendor "Ghera74" for product "IlGhera Carta Docente For WooCommerce"				<= 1.5.0 Search vendor "Ghera74" for product "IlGhera Carta Docente For WooCommerce" and version " <= 1.5.0"		en		Affected