Path Traversal in Ghera74 Ilghera Carta Docente For Woocommerce
CVE-2026-2421
The ilGhera Carta Docente for WooCommerce plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.5.0 via the 'cert' parameter of the 'wccd-delete-certificate' AJAX action. This is due to insufficient f…
Vulnerability class: Path Traversal (Directory Traversal)
EPSS: 0.001 (35.0th percentile) — read the EPSS interpretation.
CVSS v3 metric
CVSS v3 base score 6.5 (Medium). Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:N/I:H/A:H.
Affected products
- Ghera74 Ilghera Carta Docente For Woocommerce — versions 0
Weakness classification (CWE)
References
- www.wordfence.com/threat-intel/vulnerabilities/id/7aab1307-7fb5-46fb-ae12-087dc…
- plugins.trac.wordpress.org/browser/wc-carta-docente/trunk/includes/class-wccd-a…
- plugins.trac.wordpress.org/browser/wc-carta-docente/tags/1.4.7/includes/class-w…
- plugins.trac.wordpress.org/browser/wc-carta-docente/tags/1.5.1/includes/class-w…
Frequently asked questions
- What is CVE-2026-2421?
- CVE-2026-2421 is a medium-severity vulnerability in Ghera74 Ilghera Carta Docente For Woocommerce, classified under Path Traversal. CVSS score: 6.5/10. Published 2026-03-20.
- How severe is CVE-2026-2421?
- Medium severity. CVSS v3 base score is 6.5 out of 10.