CVE-2026-14500 | sayantandas20 Bulk Order Update for WooCommerce Plugin up to 1.6 AJAX bouw_fetch_csv_data csv_url path traversal
A vulnerability, which was classified as problematic, has been found in sayantandas20 Bulk Order Update for WooCommerce Plugin up to 1.6. This affects the function bouw_fetch_csv_data of the component AJAX Handler. The manipulation of the argument csv_url leads to path traversal.
This vulnerability is traded as CVE-2026-14500. It is possible to initiate the attack remotely. There is no exploit available.VulDB Recent EntriesRead More