CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Description
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in appthaplugins Apptha Slider Gallery allows Path Traversal. This issue affects Apptha Slider Gallery: from n/a through 2.5.
Analysis
A path traversal vulnerability in Apptha Slider Gallery (versions up to 2.5) allows unauthenticated remote attackers to read arbitrary files from the affected server by manipulating pathname parameters. The vulnerability has a CVSS score of 7.5 (High), with a network-based attack vector requiring no privileges or user interaction, enabling confidentiality compromise of sensitive server files. Current KEV and EPSS status information is not provided in available sources, but the ease of exploitation (AC:L) and the absence of an authentication requirement significantly elevate real-world risk.
Technical Context
This vulnerability is rooted in CWE-22 (Improper Limitation of a Pathname to a Restricted Directory), a classic input validation flaw where user-supplied path parameters are not properly sanitized before file access operations. The Apptha Slider Gallery WordPress plugin fails to implement adequate path canonicalization or whitelist-based directory restrictions, allowing attackers to traverse directory structures using sequences such as '../' or similar path manipulation techniques. The vulnerability affects the plugin's file retrieval mechanisms, likely in image serving or configuration file access functions that process user input without validating it against a restricted base directory. The CPE identifier for the affected component is wp:apptha_slider_gallery, indicating a WordPress plugin vulnerability with a web-based attack surface.
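As an added illustration of the CWE-22 pattern described above (this is not code from Apptha Slider Gallery; the function names, the `$baseDir` value and the constructed sample files are hypothetical), a file-serving handler with the missing canonicalization is shown beside a hardened version that resolves the requested path and requires it to stay inside the allowed base directory, plus a small log-side check for traversal sequences:

```php
<?php
// Added example, not plugin code. Names and paths below are hypothetical.

// Vulnerable pattern (CWE-22): the user-supplied name is joined onto the base
// directory and read with no canonicalization, so "../" walks out of it.
function serve_image_vulnerable(string $baseDir, string $name): ?string
{
    $path = $baseDir . '/' . $name;
    return is_file($path) ? file_get_contents($path) : null;
}

// Hardened pattern: canonicalize with realpath() and require the resolved
// target to be strictly inside the base directory. Returns null for anything
// that escapes, does not exist, or is not a regular file.
function resolve_within(string $baseDir, string $name): ?string
{
    $base = realpath($baseDir);
    $real = realpath($baseDir . '/' . $name);
    if ($base === false || $real === false) {
        return null;
    }
    // Compare against the base plus a trailing separator so that a sibling
    // directory sharing the prefix (e.g. "gallery2") is not accepted.
    if (strncmp($real, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return is_file($real) ? $real : null;
}

function serve_image_hardened(string $baseDir, string $name): ?string
{
    $real = resolve_within($baseDir, $name);
    return $real === null ? null : file_get_contents($real);
}

// Detection aid: flag request parameter values carrying a ".." path segment,
// decoding twice so single- and double-URL-encoded forms are both caught.
function looks_like_traversal(string $value): bool
{
    $decoded = rawurldecode(rawurldecode($value));
    return (bool) preg_match('#(^|[/\\\\])\.\.([/\\\\]|$)#', $decoded);
}

// Self-check on a constructed temporary layout: base dir "inner" holding
// ok.png, and secret.txt one level above it (outside the allowed directory).
$tmp = sys_get_temp_dir() . '/gallery_' . bin2hex(random_bytes(4));
mkdir($tmp . '/inner', 0700, true);
file_put_contents($tmp . '/inner/ok.png', 'png-bytes');
file_put_contents($tmp . '/secret.txt', 'outside');
assert(serve_image_vulnerable($tmp . '/inner', '../secret.txt') === 'outside');
assert(serve_image_hardened($tmp . '/inner', 'ok.png') === 'png-bytes');
assert(serve_image_hardened($tmp . '/inner', '../secret.txt') === null);
assert(serve_image_hardened($tmp . '/inner', 'missing.png') === null);
assert(looks_like_traversal('..%252Fsecret.txt') === true);
assert(looks_like_traversal('ok.png') === false);
```

The self-check at the bottom only runs with `zend.assertions=1`; the hardened path also rejects symlinks that resolve outside the base directory, since the comparison is made on the resolved path.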
Affected Products
Apptha Slider Gallery (versions from an unspecified baseline through 2.5)
EUVD-2025-17492