Security Advisory

CVE-2025-15433

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2026-03-26 06:00:07

Last updated 2026-03-26 13:35:20

Assigner WPScan

State PUBLISHED

Description

The Shared Files WordPress plugin before 1.7.58 allows users with a role as low as Contributor to download any file on the web server (such as wp-config.php) via a path traversal vector

← Browse all CVEs View on cve.org ↗