VYPR
Medium severity 6.8 · NVD Advisory · Published Mar 26, 2026 · Updated Apr 15, 2026

CVE-2025-15433

Description

The Shared Files WordPress plugin before 1.7.58 allows users with a role as low as Contributor to download any file on the web server (such as wp-config.php) via a path traversal vector.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

The Shared Files WordPress plugin before 1.7.58 allows Contributor-level users to download arbitrary server files via a path traversal vulnerability.

Vulnerability Overview

The Shared Files WordPress plugin before version 1.7.58 contains a path traversal vulnerability that allows authenticated users with a role as low as Contributor to download arbitrary files from the web server [1]. This means an attacker with minimal access (such as a Contributor account) can read sensitive files like wp-config.php that lie outside the plugin's intended file-sharing directories.

Exploitation Details

The vulnerability is exploited through a path traversal vector, likely by manipulating file path parameters in requests to the plugin's download functionality. No special privileges beyond the Contributor role are required; the attacker only needs to be logged in with such an account [1]. The attack does not require any network proximity beyond being able to send HTTP requests to the WordPress instance.

Impact

An attacker exploiting this flaw can retrieve any file readable by the web server process, including configuration files that contain database credentials (e.g., wp-config.php), potentially leading to full site compromise. This could also allow access to other sensitive files like logs or backups [1].

Mitigation

The vulnerability is fixed in version 1.7.58 of the Shared Files plugin. Users should update to this version or later immediately to prevent exploitation [1]. No workarounds are mentioned in the available reference.
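For sites that ran a version before 1.7.58, web server access logs can be reviewed for traversal attempts like the one described above. The following is an added example, not code from the plugin or the advisory: it assumes Combined Log Format, inspects only the query string (the advisory does not say which request field carries the path), and uses a hypothetical parameter name `example_file` in constructed sample lines.

```python
import re
from urllib.parse import unquote

# File names worth flagging in a request. wp-config.php is the example the
# advisory names; extend the tuple for your own environment.
SENSITIVE = ("wp-config.php",)

# Combined Log Format: capture client, request target and status code.
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+) [^"]*" (\d{3}) ')


def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded input (%252e) is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def traversal_findings(lines):
    """Return (client, status, decoded_query) for requests whose query string
    contains a parent-directory segment or names a sensitive file."""
    findings = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # not a parsable access-log line
        client, target, status = m.groups()
        raw_query = target.partition("?")[2]
        query = fully_decode(raw_query).replace("\\", "/").lower()
        # ".." only counts as traversal when it is a whole path segment.
        dotdot = re.search(r"(^|[=/])\.\.(/|$|&)", query) is not None
        sensitive = any(name in query for name in SENSITIVE)
        if dotdot or sensitive:
            findings.append((client, int(status), query))
    return findings


# Constructed sample lines; "example_file" is a hypothetical parameter name.
SAMPLE = [
    '203.0.113.7 - - [01/Apr/2026:10:00:00 +0000] "GET /?example_file=report.pdf HTTP/1.1" 200 5120',
    '203.0.113.9 - - [01/Apr/2026:10:01:00 +0000] "GET /?example_file=../../../wp-config.php HTTP/1.1" 200 3300',
    '203.0.113.9 - - [01/Apr/2026:10:02:00 +0000] "GET /?example_file=%252e%252e%252fwp-config.php HTTP/1.1" 403 0',
    '198.51.100.4 - - [01/Apr/2026:10:03:00 +0000] "GET /?s=version..2 HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for client, status, query in traversal_findings(SAMPLE):
        print(client, status, query)
```

A finding with status 200 and a non-trivial response size deserves priority, since it suggests the file was actually served. Paths sent in a POST body do not appear in access logs and need request-body logging or WAF records instead.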

AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products: 1

Patches: 0 (no patches discovered yet)

References: 1

News mentions: 1