Vulnerability in Shared Files

CVE-2025-15433

The Shared Files WordPress plugin before 1.7.58 allows users with a role as low as Contributor to download any file on the web server (such as wp-config.php) via a path traversal vector

EPSS: 0.000 (4.4th percentile) — read the EPSS interpretation.

Affected products

Unknown Shared Files — versions 0

References

wpscan.com/vulnerability/893667a1-dc8f-476a-ac00-55752fface90/ (exploit, vdb-entry, technical-description)