CVE Details
Basic Information
| Title | Restrict File Access <= 1.1.2 - Authenticated (Subscriber+) Arbitrary File Read |
|---|---|
| Type | cve |
| Published | 2025-06-14T08:23:25.593Z |
| Last Seen |
Product Information
| Vendor | josxha |
|---|---|
| Product | Restrict File Access |
| Version | * |
CVSS Information
| Base Score | 6.5 (MEDIUM) |
|---|---|
| Attack Vector | CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N |
| Confidentiality Impact | |
| Integrity Impact | |
| Availability Impact |
AI Analysis
| AI Description | The Restrict File Access plugin for WordPress is vulnerable to directory traversal, allowing authenticated users with Subscriber-level access to read arbitrary files on the server. This can expose sensitive information and is due to a flaw in the output() function. |
|---|---|
| AI Severity | Medium |
| Vendor | WordPress Community |
| Product | Restrict File Access |
| Affected Version | <= 1.1.2 |
Affected Products
- josxha Restrict File Access *
Additional Information
| CVE List | |
|---|---|
| CWE List | CWE-22 |
| Bulletin Family |
References
Description
The Restrict File Access plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 1.1.2 via the output() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.