CVE-2019-25295

MEDIUM
2026-01-08 [email protected]
6.5
CVSS 3.1
Share

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
None
Integrity
Low
Availability
Low

Lifecycle Timeline

2
Analysis Generated
Mar 12, 2026 - 21:54 vuln.today
CVE Published
Jan 08, 2026 - 02:15 nvd
MEDIUM 6.5

Tags

WordPress Path Traversal

Description

The WP Cost Estimation plugin for WordPress is vulnerable to Upload Directory Traversal in versions before 9.660 via the uploadFormFiles function. This allows attackers to overwrite any file with a whitelisted type on an affected site.

Analysis

The WP Cost Estimation plugin for WordPress is vulnerable to Upload Directory Traversal in versions before 9.660 via the uploadFormFiles function. This allows attackers to overwrite any file with a whitelisted type on an affected site. [CVSS 6.5 MEDIUM]

Technical Context

Classified as CWE-22 (Path Traversal). Affects the uploadFormFiles component of WP Cost Estimation (WordPress plugin). The WP Cost Estimation plugin for WordPress is vulnerable to Upload Directory Traversal in versions before 9.660 via the uploadFormFiles function. This allows attackers to overwrite any file with a whitelisted type on an affected site.

Affected Products

Vendor: WordPress. Product: WP Cost Estimation (WordPress plugin). Versions: up to 9.660. Component: uploadFormFiles.

Remediation

Monitor vendor advisories for a patch. Validate and sanitize file path inputs. Use allowlists. Restrict network access to the affected service where possible.

Priority Score

33
Low Medium High Critical
KEV: 0
EPSS: +0.5
CVSS: +32
POC: 0

Share

CVE-2019-25295 vulnerability details – vuln.today
Back

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy