PT-2026-28212 · WordPress · Shared Files
Published
2026-03-26
·
Updated
2026-03-26
·
CVE-2025-15433
CVSS v3.1
6.8
Medium
| AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Shared Files WordPress plugin versions prior to 1.7.58
Description
The Shared Files WordPress plugin has a flaw that allows users with Contributor-level permissions to download any file from the web server, including sensitive files like
wp-config.php. This is due to a path traversal issue.Recommendations
Update the Shared Files WordPress plugin to version 1.7.58 or later.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Shared Files