Medium severity6.5NVD Advisory· Published Jan 8, 2026· Updated Apr 15, 2026
CVE-2019-25295
CVE-2019-25295
Description
The WP Cost Estimation plugin for WordPress is vulnerable to Upload Directory Traversal in versions before 9.660 via the uploadFormFiles function. This allows attackers to overwrite any file with a whitelisted type on an affected site.
Affected products
2- Range: <9.660
- Range: <9.660
Patches
Vulnerability mechanics
References
3News mentions
0No linked articles in our index yet.