CVE-2025-13681 | BFG Tools Plugin up to 1.0.7 on WordPress /wp-content/plugins/ zip first_file path traversal

Inserito da Angelo Barbosa | Feb 13, 2026 | CVE

A vulnerability was found in BFG Tools Plugin up to 1.0.7 on WordPress. It has been rated as critical. Affected is the function zip of the file /wp-content/plugins/. The manipulation of the argument first_file leads to path traversal.

This vulnerability is referenced as CVE-2025-13681. Remote exploitation of the attack is possible. No exploit is available.

CVE-2025-13681 | BFG Tools Plugin up to 1.0.7 on WordPress /wp-content/plugins/ zip first_file path traversal

Post correlati

CVE-2024-9180 | HashiCorp Vault/Vault Enterprise up to 1.17.6 privileges assignment

CVE-2024-36420 | FlowiseAI Flowise up to 1.4.3 openai-assistants-file fileName information disclosure (GHSL-2023-232)

CVE-2024-31929 | Polevaultweb Intagrate Lite Plugin up to 1.3.7 on WordPress cross site scripting

CVE-2025-3888 | Jupiter X Core Plugin up to 4.8.12 on WordPress SVG File Parser cross site scripting