CVE-2024-50509

High

Published: 30 October 2024

Modified: 23 April 2026
KEV Added
Patch
CVSS Score v3.1: 8.6 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H)
EPSS Score: 0.2865 (96.6th percentile)
Risk Priority: 34 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2024-50509 is a high-severity Path Traversal (CWE-22) vulnerability. Its CVSS base score is 8.6 (High).

Operationally, it ranks in the top 3.4% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.

Deeper analysis

The vulnerability is a path traversal flaw, tracked as CWE-22, in the WooCommerce Product Design plugin for WordPress. It affects all versions through 1.0.0. The plugin does not properly limit pathnames to the intended directory, which can be abused to reach restricted directories.

An unauthenticated attacker can send crafted requests over the network to trigger the flaw, resulting in arbitrary file deletion and a high impact on availability. The CVSS 8.6 score reflects that the attack requires no credentials or user interaction and changes scope beyond the vulnerable component.

The Patchstack advisory for this issue identifies the problem as an arbitrary file deletion vulnerability and directs administrators to apply the vendor patch or remove the plugin until a fix is installed. The current EPSS of 0.2865 indicates moderate exploitation likelihood but shows no material upward trajectory since disclosure.

Vulnerability details

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Chetan Khandla Woocommerce Product Design woo-product-design allows Path Traversal. This issue affects Woocommerce Product Design: from n/a through <= 1.0.0.

Related Threats

No named actor attribution yet. ATT&CK technique mapping in progress for this CVE.

Mitigating Controls

Likely Mitigating Controls AI

Per-CVE control mapping for this CVE has not run yet; the list below is derived from the weakness types (CWEs) cited in the NVD entry.

addresses: CWE-22

Validates pathnames and filenames to prevent traversal outside intended directories.