The vulnerability identified as CVE-2025-47535 involves improper limitation of a pathname to a restricted directory in the wpopal Opal Woo Custom Product Variation plugin (version ≤ 1.2.0). This path traversal flaw enables an attacker to access files outside the designated directory boundaries. The CVSS 3.1 score is 8.6, reflecting network attack vector, low attack complexity, no privileges or user interaction required, and a scope change with impact limited to availability disruption. No known exploits in the wild or vendor patches have been reported as of the publication date.

An attacker can exploit this vulnerability remotely without authentication or user interaction to cause a denial of service condition by accessing files outside the intended directory, impacting the availability of the affected system. There is no reported impact on confidentiality or integrity.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, consider restricting access to the plugin and monitoring for unusual file access patterns related to the plugin's directory. Avoid exposing the affected plugin to untrusted networks if possible.