CVE-2026-9725 (CVSS 9.1) — The Printcart Web to Print Product Designer for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 2.5.2. This is due to insufficient path valid

AI Analysis

A critical vulnerability, CVE-2026-9725, has been published with a CVSS score of 9.1, affecting the Printcart Web to Print Product Designer for WooCommerce plugin for WordPress, versions up to and including 2.5.2. The flaw allows arbitrary file deletion due to insufficient path validation, meaning an attacker could remove critical system files, potentially leading to site compromise or denial of service. This was published on July 3, 2026, by the National Vulnerability Database.

Organizations most affected are those in the e-commerce, retail, and print-on-demand sectors that use WordPress with WooCommerce and this specific plugin. Any business relying on this plugin for product customization—such as print shops, merchandise sellers, or marketing agencies—faces direct risk. Given the high severity, compliance teams should prioritize this as a material security incident under frameworks like GDPR or PCI DSS if customer data or payment systems are impacted.

Compliance teams should immediately verify if their organization uses the affected plugin and, if so, apply the vendor’s patch or upgrade to a version beyond 2.5.2. Conduct a risk assessment to determine if any data was exposed or systems were compromised, and document remediation steps for regulatory reporting. Finally, update your vulnerability management and incident response procedures to include this CVE, and ensure all affected systems are isolated until patched.
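
One way to carry out the first step above, checking whether an affected version is installed (added example, not code from NVD or the plugin vendor): it reads the standard WordPress plugin header in each plugin folder and compares the version with 2.5.2. Matching on the word "Printcart" in the header name is an assumption, and the folder names and the 2.5.3 sample version are constructed values.

```python
import os
import re
import tempfile

NAME_MARKER = "printcart"   # assumption: the plugin header name contains this word
LAST_AFFECTED = (2, 5, 2)   # advisory: versions up to and including 2.5.2
HEADER_RE = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+)$", re.I | re.M)

def read_header(php_path):
    """Parse WordPress plugin header fields from the first 8 KiB of a file."""
    fields = {}
    with open(php_path, encoding="utf-8", errors="replace") as fh:
        for key, value in HEADER_RE.findall(fh.read(8192)):
            fields.setdefault(key.lower(), value.strip())
    return fields

def classify(version_text):
    m = re.match(r"\d+(?:\.\d+)*", version_text or "")
    if not m:
        return "unknown"  # no parsable version: review by hand
    v = [int(p) for p in m.group().split(".")]
    while v and v[-1] == 0:   # 2.5.2.0 and 2.5.2 are the same release
        v.pop()
    return "affected" if tuple(v) <= LAST_AFFECTED else "not affected"

def scan_plugins(plugins_dir):
    """Return (folder, version, status) for each plugin whose name matches."""
    hits = []
    for folder in sorted(os.listdir(plugins_dir)):
        path = os.path.join(plugins_dir, folder)
        if not os.path.isdir(path):
            continue
        for fname in sorted(f for f in os.listdir(path) if f.endswith(".php")):
            hdr = read_header(os.path.join(path, fname))
            if NAME_MARKER in hdr.get("plugin name", "").lower():
                hits.append((folder, hdr.get("version"), classify(hdr.get("version"))))
    return hits

def build_sample_tree():
    """Constructed plugins directory; folder names and 2.5.3 are sample values."""
    name = "Printcart Web to Print Product Designer for WooCommerce"
    samples = {"designer-a": (name, "2.5.2"), "designer-b": (name, "2.5.3"),
               "unrelated": ("Some Other Plugin", "1.0")}
    root = tempfile.mkdtemp()
    for folder, (title, ver) in samples.items():
        os.makedirs(os.path.join(root, folder))
        with open(os.path.join(root, folder, "main.php"), "w") as fh:
            fh.write(f"<?php\n/**\n * Plugin Name: {title}\n * Version: {ver}\n */\n")
    return root
```

On a real host, pass the site's `wp-content/plugins` directory to `scan_plugins` and treat any "unknown" result as affected until the version is confirmed by hand.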
