PT-2025-51819 · WordPress · Zephyr Project Manager
Dylanjkotze · Published 2025-12-17 · Updated 2025-12-17 · CVE-2025-12496
CVSS v3.1: 4.9 (Medium)
Vector: AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N
Name of the Vulnerable Software and Affected Versions
Zephyr Project Manager versions prior to 3.3.204
Description
The Zephyr Project Manager plugin for WordPress is susceptible to a Directory Traversal issue via the file parameter. This allows authenticated attackers with Custom-level access or higher to read arbitrary files on the server, potentially exposing sensitive information. If allow_url_fopen is enabled on the server, this issue can also lead to Server-Side Request Forgery.
Recommendations
Update Zephyr Project Manager to version 3.3.204 or later.
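For sites that maintain similar file-reading code of their own, the following added example (not taken from Zephyr Project Manager or its fix) shows a path check that covers both outcomes described above: traversal outside a base directory and URL-style values that PHP would fetch when allow_url_fopen is on. The function name, directory and sample inputs are hypothetical and constructed for the demonstration.

```php
<?php
// Added illustration; not Zephyr Project Manager code. All names are hypothetical.

/**
 * Resolve a user-supplied file name to a real path inside $baseDir,
 * or return null if the value must not be read.
 */
function resolve_safe_path(string $baseDir, string $userFile): ?string
{
    // PHP file functions treat "scheme://..." as a stream wrapper. With
    // allow_url_fopen enabled, http:// or ftp:// values cause outbound
    // requests (the SSRF case), so reject wrapper syntax and NUL bytes.
    if (strpos($userFile, "\0") !== false
        || preg_match('#^[a-z][a-z0-9+.\-]*://#i', $userFile)) {
        return null;
    }

    $base = realpath($baseDir);
    if ($base === false) {
        return null;
    }

    // realpath() collapses "../" segments and follows symlinks; it returns
    // false when the target does not exist.
    $candidate = realpath($base . DIRECTORY_SEPARATOR . $userFile);
    if ($candidate === false || !is_file($candidate)) {
        return null;
    }

    // Compare against the base plus a trailing separator so that a sibling
    // such as "/srv/uploads-old" is not accepted as inside "/srv/uploads".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($candidate, $prefix, strlen($prefix)) === 0 ? $candidate : null;
}

// Constructed demo: a temporary base directory holding one permitted file.
$base = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'demo_' . bin2hex(random_bytes(4));
mkdir($base);
file_put_contents($base . DIRECTORY_SEPARATOR . 'report.txt', 'ok');

$inputs = ['report.txt', '../../../../etc/passwd', 'http://192.0.2.10/status', 'missing.txt'];
foreach ($inputs as $in) {
    $verdict = resolve_safe_path($base, $in) === null ? 'rejected' : 'allowed';
    printf("%-26s => %s\n", $in, $verdict);
}

unlink($base . DIRECTORY_SEPARATOR . 'report.txt');
rmdir($base);
```

The containment decision is made on the resolved path rather than on the raw string, so encoded or nested "../" variants are judged by where they actually point.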
Fix
Path traversal
Weakness Enumeration
Related Identifiers
Affected Products
Zephyr Project Manager