CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N
Description
The Shared Files WordPress plugin before 1.7.58 allows users with a role as low as Contributor to download any file on the web server (such as wp-config.php) via a path traversal vector.
Analysis
The Shared Files WordPress plugin before version 1.7.58 contains a path traversal vulnerability that allows attackers with Contributor-level privileges or higher to download arbitrary files from the web server, including sensitive configuration files such as wp-config.php. A public proof-of-concept exploit is available, so the vulnerability is readily exploitable. This represents a critical information disclosure risk for WordPress installations running affected versions of the plugin.
Technical Context
The vulnerability stems from improper input validation in the Shared Files plugin's file download mechanism, which lets path traversal sequences (such as ../ or absolute paths) bypass the intended directory restriction. The root cause falls under CWE-22 (Improper Limitation of a Pathname to a Restricted Directory), a classic path traversal flaw in file handling logic. The affected product is identified via the CPE cpe:2.3:a:unknown:shared_files:*:*:*:*:*:*:*:*; all versions up to 1.7.57 are vulnerable. The plugin's download handler fails to properly sanitize the user-supplied file path parameter before passing it to PHP file system functions, enabling traversal of the server's directory structure. This is particularly dangerous in WordPress environments, where wp-config.php contains database credentials and authentication keys.
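The mitigation for this class of flaw is to canonicalize the requested path and confirm it still lies inside the directory the handler is meant to serve. The following is an added example written for this page, not the Shared Files plugin's own code; the function and parameter names are hypothetical, and the directory layout it checks against is constructed in the system temp directory.

```php
<?php
// Added example, not the Shared Files plugin's own code: a download path
// resolver that confines the requested file to one base directory
// (CWE-22 mitigation). Function and parameter names are hypothetical.

/**
 * Return the canonical path of $requested inside $baseDir, or null when the
 * request is malformed, the file does not exist, or it escapes $baseDir.
 */
function resolve_download_path(string $baseDir, string $requested): ?string
{
    // NUL bytes can truncate paths in lower-level calls; refuse them outright.
    if (strpos($requested, "\0") !== false) {
        return null;
    }
    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }
    // Never honour a client-supplied absolute path: strip leading separators
    // and always join the request to the base directory.
    $candidate = $base . DIRECTORY_SEPARATOR . ltrim($requested, "/\\");
    // realpath() collapses "." and ".." segments and resolves symlinks, and
    // returns false for a non-existent file, which is also a deny.
    $real = realpath($candidate);
    if ($real === false) {
        return null;
    }
    // Prefix check with a trailing separator so that "/srv/uploads-old"
    // cannot pass as being inside "/srv/uploads".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($real, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $real;
}

// Self-check against a constructed layout: one legitimate upload and one
// file outside the served directory.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'shared-files-demo';
@mkdir($root . '/uploads', 0700, true);
file_put_contents($root . '/uploads/report.pdf', 'demo');
file_put_contents($root . '/secret.php', 'outside');

var_dump(resolve_download_path($root . '/uploads', 'report.pdf'));
var_dump(resolve_download_path($root . '/uploads', '../secret.php'));
var_dump(resolve_download_path($root . '/uploads', '/etc/passwd'));
```

Because PHP decodes the query string before it reaches the handler, a URL-encoded ../ is collapsed by realpath() just like a literal one, and a double-encoded sequence simply names a file that does not exist and is denied on that basis.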
Affected Products
The Shared Files WordPress plugin in all versions prior to 1.7.58 is affected, as confirmed by the CPE identifier cpe:2.3:a:unknown:shared_files:*:*:*:*:*:*:*:*. The vulnerability is documented and tracked in the WPScan vulnerability database at https://wpscan.com/vulnerability/893667a1-dc8f-476a-ac00-55752fface90/. Organizations running any version of this plugin below 1.7.58 should assume their installations are vulnerable to exploitation.
Remediation
Immediately upgrade the Shared Files WordPress plugin to version 1.7.58 or later through the WordPress plugin dashboard or by downloading directly from the official plugin repository. If the plugin cannot be upgraded immediately, disable or remove the plugin entirely to eliminate the attack surface, as this vulnerability can be exploited by any user with Contributor privileges or higher. Conduct a security audit of affected WordPress installations to determine if wp-config.php or other sensitive files have been accessed or downloaded; review server access logs and WordPress user audit trails for suspicious file download activity. Consider implementing network-level controls such as Web Application Firewalls (WAF) with path traversal detection rules to block exploitation attempts during any transition period.
EUVD-2025-209042
GHSA-fwg5-qqw8-5x24