Skip to main content

Wp Media Folder Addon

1 CVEs product

Monthly

CVE-2026-9690 HIGH This Week

Unauthenticated arbitrary file download in JoomUnited's WP Media Folder Addon WordPress plugin versions 4.0.1 and below allows remote attackers to retrieve arbitrary files from the underlying server via a path traversal weakness (CWE-22). The flaw is exploitable over the network without authentication or user interaction, exposing sensitive WordPress and server files such as wp-config.php. No public exploit identified at time of analysis, and the issue is not currently tracked in CISA KEV.

Path Traversal Wp Media Folder Addon
NVD VulDB
CVSS 3.1
7.5
EPSS
0.5%
EPSS 0% CVSS 7.5
HIGH This Week

Unauthenticated arbitrary file download in JoomUnited's WP Media Folder Addon WordPress plugin versions 4.0.1 and below allows remote attackers to retrieve arbitrary files from the underlying server via a path traversal weakness (CWE-22). The flaw is exploitable over the network without authentication or user interaction, exposing sensitive WordPress and server files such as wp-config.php. No public exploit identified at time of analysis, and the issue is not currently tracked in CISA KEV.

Path Traversal Wp Media Folder Addon
NVD VulDB

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy