CVE-2025-12137 | Import WP Plugin up to 2.14.16 on WordPress REST API Endpoint attach_file local_url path traversal

Inserito da Angelo Barbosa | Ott 31, 2025 | CVE

A vulnerability was found in Import WP Plugin up to 2.14.16 on WordPress. It has been classified as problematic. Affected by this issue is the function attach_file of the component REST API Endpoint. The manipulation of the argument local_url leads to path traversal.

This vulnerability is documented as CVE-2025-12137. The attack can be initiated remotely. There is not any exploit available.

CVE-2025-12137 | Import WP Plugin up to 2.14.16 on WordPress REST API Endpoint attach_file local_url path traversal

Post correlati

CVE-2024-41677 | QwikDev qwik up to 1.5.x cross site scripting (GHSA-2rwj-7xq8-4gx4)

CVE-2025-4908 | PHPGurukul Daily Expense Tracker System 1.1 expense-datewise-reports-detailed.php fromdate/todate sql injection

CVE-2024-2634 | Cegid Meta4 HR 819.001.022 generico_login.jsp lang cross site scripting

CVE-2024-9324 | Intelbras InControl up to 2.21.57 Relatório de Operadores Page /v1/operador/ fields code injection