Severity by source
AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Primary rating from Vendor (patchstack) · only source for this CVE.
CVSS VectorVendor: patchstack
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:H
Lifecycle Timeline
1DescriptionCVE.org
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Epiphyt Embed Privacy allows Path Traversal.
This issue affects Embed Privacy: from n/a through 1.12.3.
AnalysisAI
Authenticated path traversal in the Epiphyt Embed Privacy WordPress plugin (versions up to and including 1.12.3) lets a low-privileged user supply a crafted pathname that escapes the plugin's intended directory, enabling arbitrary file deletion on the host as reflected by the Patchstack advisory title. The CVSS 7.1 vector (C:N/I:L/A:H) shows the primary danger is availability — deleting files such as wp-config.php or core assets can break or take down the site. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Recommended ActionAI
24 hours: Deactivate and remove the Epiphyt Embed Privacy plugin from all WordPress installations. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-40060
GHSA-f3vj-vpq8-wfhm