Skip to main content

WP Media Folder Addon CVE-2026-9690

| EUVDEUVD-2026-37647 HIGH
Path Traversal (CWE-22)
2026-06-17 Patchstack
7.5
CVSS 3.1 · Vendor: Patchstack
Share

Severity by source

Vendor (Patchstack) PRIMARY
7.5 HIGH
AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
vuln.today AI
7.5 HIGH

Unauthenticated network request to a WordPress plugin endpoint (AV:N/AC:L/PR:N/UI:N); arbitrary file read yields high confidentiality impact only, no integrity or availability effect.

3.1 AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
4.0 AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

Primary rating from Vendor (Patchstack).

CVSS VectorVendor: Patchstack

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Unchanged
Confidentiality
High
Integrity
None
Availability
None

Lifecycle Timeline

1
Analysis Generated
Jun 17, 2026 - 11:50 vuln.today

DescriptionCVE.org

Unauthenticated Arbitrary File Download in WP Media folder Addon <= 4.0.1 versions.

AnalysisAI

Unauthenticated arbitrary file download in JoomUnited's WP Media Folder Addon WordPress plugin versions 4.0.1 and below allows remote attackers to retrieve arbitrary files from the underlying server via a path traversal weakness (CWE-22). The flaw is exploitable over the network without authentication or user interaction, exposing sensitive WordPress and server files such as wp-config.php. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Attack ChainAIDerived

Hypothetical attack flow derived from CVE metadata

Access
Identify WordPress site running WP Media Folder Addon ≤4.0.1
Delivery
Send crafted unauthenticated HTTP request with traversal payload
Exploit
Plugin resolves attacker-controlled path outside uploads directory
Execution
Server returns contents of wp-config.php or other sensitive file
Persist
Harvest DB credentials and secret keys
Impact
Pivot to database or forge admin session for full site takeover

Vulnerability AssessmentAI

Exploitation The target WordPress site must have the JoomUnited WP Media Folder Addon plugin installed and activated at version 4.0.1 or earlier, and the vulnerable file-download endpoint must be reachable over the network (the standard WordPress front-controller and admin-ajax.php are typically exposed by default). … Additional conditions and limiting factors are described in the full assessment.
Risk Assessment The CVSS 3.1 vector CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N (7.5 High) is internally consistent with the description: network-reachable, low-complexity, no privileges or user interaction, with high confidentiality impact only - appropriate for an unauthenticated file read. … Full risk analysis with EPSS, KEV, and SSVC signal comparison available after sign-in.
Exploit Scenario An opportunistic attacker scanning WordPress sites for vulnerable plugins sends a single unauthenticated HTTP request to the WP Media Folder Addon's file-download endpoint with a traversal payload such as '../../../../wp-config.php' in the filename parameter, and receives the file contents in the response. Using the database credentials and secret keys harvested from wp-config.php, the attacker then connects directly to the MySQL backend or forges authenticated session cookies to take over the site. …
Remediation Upgrade WP Media Folder Addon to a version newer than 4.0.1 as published by JoomUnited; the Patchstack advisory at https://patchstack.com/database/wordpress/plugin/wp-media-folder-addon/vulnerability/wordpress-wp-media-folder-addon-plugin-4-0-1-arbitrary-file-download-vulnerability should be consulted for the exact fixed release, as no specific patched version was supplied in the input - patch available per vendor advisory, but the exact fix version is not independently confirmed here. … Detailed patch versions, workarounds, and compensating controls in full report.

Recommended ActionAI

Within 24 hours: Inventory all WordPress installations and identify instances of WP Media Folder Addon version 4.0.1 or below. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-9690 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy