CVE-2025-4602

CVSS v3 Score
5.9
Medium

Vulnerability Description

The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Reads in all versions up to, and including, 1.2.5 via the get_file() function. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information. This is only exploitable by unauthenticated attackers in default configurations where the default password is left as 1:1, or where the attacker gains access to the credentials.

CVSS:5.9(Medium)

The Kubernetes ingress-nginx component prior to version 0.28.0 allows a user with the ability to create namespaces and to read and create ingress objects to overwrite the password file of another ingr...

CWE-73 2020
CVSS:6.0(Medium)

A vulnerability in Cisco Firepower Threat Defense (FTD) Software could allow an authenticated, local attacker to overwrite or append arbitrary data to system files using root-level privileges. The att...

CWE-73 2021
CVSS:6.0(Medium)

A vulnerability in the CLI of Cisco FXOS Software could allow an authenticated, local attacker to create a file or overwrite any file on the filesystem of an affected device, including system files. T...

CWE-73 2023
CVSS:6.1(Medium)

Gee-netics, member of AXIS Camera Station Pro Bug Bounty Program, has identified an issue with a specific file that the server is using. A non-admin user can modify this file to either create files or...

CWE-73 2025
CVSS:6.1(Medium)

Kea configuration and API directives can be used to overwrite arbitrary files, subject to permissions granted to Kea. Many common configurations run Kea as root, leave the API entry points unsecured b...

CWE-73 2025
CVSS:6.2(Medium)

External control of file name or path in Azure Portal Windows Admin Center allows an unauthorized attacker to disclose information locally.

CWE-73 2025