{"id":86256,"date":"2026-01-11T05:25:41","date_gmt":"2026-01-11T05:25:41","guid":{"rendered":""},"modified":"-0001-11-30T00:00:00","modified_gmt":"-0001-11-30T06:00:00","slug":"cve-2025-39391-php-remote-file-inclusion-vulnerability-in-woocommerce-checkout-field-visibility-plugin","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-39391-php-remote-file-inclusion-vulnerability-in-woocommerce-checkout-field-visibility-plugin\/","title":{"rendered":"CVE-2025-39391: PHP Remote File Inclusion Vulnerability in WooCommerce Checkout Field Visibility Plugin<\/strong>"},"content":{"rendered":"

Overview<\/strong><\/p>\n

The vulnerability, identified as CVE-2025-39391, pertains to an Improper Control of Filename for Include\/Require Statement in PHP Program (‘PHP Remote File Inclusion’) vulnerability in the Checkout Field Visibility for WooCommerce plugin. This vulnerability can lead to PHP Local File Inclusion, affecting all versions of the plugin up to 1.2.3. Given the widespread use of WooCommerce, this vulnerability has the potential to compromise a significant number of e-commerce websites, leading to system compromise or data leakage.<\/p>\n

Vulnerability Summary<\/strong><\/p>\n

CVE ID: CVE-2025-39391
\nSeverity: High (CVSS: 7.5)
\nAttack Vector: Network
\nPrivileges Required: Low
\nUser Interaction: None
\nImpact: System compromise and potential data leakage<\/p>\n

Affected Products<\/strong><\/p>

\r\n

\r\n \r\n \"Ameeba\r\n <\/a>\r\n Share secrets securely\r\n <\/h2>\r\n\r\n

\r\n Ameeba is private infrastructure for communication and sensitive work built on encrypted identity instead of exposed corporate identity systems.\r\n <\/p>\r\n\r\n

\r\n Passwords, credentials, confidential files, screenshots, internal discussions, sensitive AI context, and private coordination should not become exposed across ordinary communication platforms.\r\n <\/p>\r\n\r\n