CVE-2025-31411: 
WordPress vulnerability analysis and mitigation

The vulnerability (CVE-2025-31411) is a Path Traversal vulnerability discovered in Aribhour Linet ERP-Woocommerce Integration plugin versions through 3.5.12. The issue was disclosed on April 10, 2025, and allows authenticated administrators to perform arbitrary file read and deletion operations (Patchstack).

The vulnerability is classified as CWE-22 (Improper Limitation of a Pathname to a Restricted Directory) with a CVSS v3.1 Base Score of 5.9 (Medium). The attack vector is Network-based (AV:N) with High attack complexity (AC:H), requires High privileges (PR:H), no user interaction (UI:N), and has an Unchanged scope (S:U). The impact includes High confidentiality (C:H) and integrity (I:H) risks, with No impact on availability (A:N) (NVD).

The vulnerability could allow an authenticated administrator to perform arbitrary file read and deletion operations on the affected WordPress installation. If exploited, this could lead to unauthorized access to sensitive files and potential deletion of critical system files, which could cause website malfunction (Patchstack).

As of the disclosure date, no official fix has been released for this vulnerability. Given the low severity impact and unlikely exploitation probability, the vulnerability is considered low priority for virtual patching (Patchstack).

The vulnerability was initially discovered and reported by security researcher 0xd4rk5id3 on March 27, 2025, before being publicly disclosed by Patchstack on April 10, 2025 (Patchstack).