WordPress Easy WP SMTP Plugin <= 1.5.1 is vulnerable to Directory Traversal
Description
Authenticated path traversal in Easy WP SMTP plugin <=1.5.1 allows arbitrary file read on WordPress.
AI Insight
LLM-synthesized narrative grounded in this CVE's description and references.
Authenticated path traversal in Easy WP SMTP plugin <=1.5.1 allows arbitrary file read on WordPress.
Vulnerability
The Easy WP SMTP plugin for WordPress versions up to and including 1.5.1 contains an authenticated path traversal vulnerability. An attacker with administrative access can exploit improper input validation to traverse directories and read arbitrary files.
Exploitation
An attacker must have authenticated access to the WordPress admin dashboard with sufficient privileges to access the vulnerable feature. By manipulating file path parameters, the attacker can navigate outside the intended directory.
Impact
Successful exploitation enables reading sensitive files on the server, such as configuration files or system secrets, leading to information disclosure.
Mitigation
The vulnerability is fixed in version 2.14.0 of the plugin [1]. Users should update immediately. If upgrading is not possible, restrict access to the admin area.
AI Insight generated on May 24, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.
Affected products
2- Range: <=1.5.1
- Range: n/a
Patches
0No patches discovered yet.
Vulnerability mechanics
AI mechanics synthesis has not run for this CVE yet.
References
1News mentions
0No linked articles in our index yet.