Description
WordPress Plugin Wholesale Market for WooCommerce is prone to a directory traversal vulnerability because it fails to sufficiently verify user-supplied input. Exploiting this issue can allow an attacker to obtain sensitive information that could aid in further attacks. WordPress Plugin Wholesale Market for WooCommerce version 1.0.8 is vulnerable; prior versions may also be affected.
Remediation
Update to plugin version 2.0.0 or latest
References
https://sploitus.com/exploit?id=WPEX-ID:51E023DE-189D-4557-9655-23F7BA58B670
https://woocommerce.com/products/wholesale-market-for-woocommerce/
Related Vulnerabilities
WordPress Plugin Broken Link Checker Cross-Site Scripting (1.10.8)
WordPress Plugin Multisite Post Duplicator Cross-Site Request Forgery (0.9.5.1)
WordPress Plugin SEO Tools 'file' Parameter Directory Traversal (3.1.7)
WordPress Plugin Product Addons & Fields for WooCommerce Unspecified Vulnerability (13.7)