{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-15433", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "state": "PUBLISHED", "assignerShortName": "WPScan", "dateReserved": "2026-01-01T13:42:06.702Z", "datePublished": "2026-03-26T06:00:07.315Z", "dateUpdated": "2026-03-26T13:35:20.136Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2026-03-26T06:00:07.315Z"}, "title": "Shared Files < 1.7.58 - Contributor+ Arbitrary File Download", "problemTypes": [{"descriptions": [{"description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}], "affected": [{"vendor": "Unknown", "product": "Shared Files", "versions": [{"status": "affected", "versionType": "semver", "version": "0", "lessThan": "1.7.58"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Shared Files WordPress plugin before 1.7.58 allows users with a role as low as Contributor to download any file on the web server (such as wp-config.php) via a path traversal vector"}], "references": [{"url": "https://wpscan.com/vulnerability/893667a1-dc8f-476a-ac00-55752fface90/", "tags": ["exploit", "vdb-entry", "technical-description"]}], "credits": [{"lang": "en", "value": "Muhammad Rohan khan", "type": "finder"}, {"lang": "en", "value": "WPScan", "type": "coordinator"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "WPScan CVE Generator"}}, "adp": [{"metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2026-03-26T13:35:04.522504Z", "id": "CVE-2025-15433", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-26T13:35:20.136Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 6.8, "attackVector": "NETWORK", "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "HIGH", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-15433", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-03-26T13:35:04.522504Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-26T13:35:16.512Z"}}], "cna": {"title": "Shared Files < 1.7.58 - Contributor+ Arbitrary File Download", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Muhammad Rohan khan"}, {"lang": "en", "type": "coordinator", "value": "WPScan"}], "affected": [{"vendor": "Unknown", "product": "Shared Files", "versions": [{"status": "affected", "version": "0", "lessThan": "1.7.58", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://wpscan.com/vulnerability/893667a1-dc8f-476a-ac00-55752fface90/", "tags": ["exploit", "vdb-entry", "technical-description"]}], "x_generator": {"engine": "WPScan CVE Generator"}, "descriptions": [{"lang": "en", "value": "The Shared Files WordPress plugin before 1.7.58 allows users with a role as low as Contributor to download any file on the web server (such as wp-config.php) via a path traversal vector"}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2026-03-26T06:00:07.315Z"}}}, "cveMetadata": {"cveId": "CVE-2025-15433", "state": "PUBLISHED", "dateUpdated": "2026-03-26T13:35:20.136Z", "dateReserved": "2026-01-01T13:42:06.702Z", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "datePublished": "2026-03-26T06:00:07.315Z", "assignerShortName": "WPScan"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Shared Files WordPress plugin before 1.7.58 allows users with a role as low as Contributor to download any file on the web server (such as wp-config.php) via a path traversal vector"}, {"lang": "es", "value": "El plugin de WordPress Shared Files anterior a 1.7.58 permite a usuarios con un rol tan bajo como Colaborador descargar cualquier archivo en el servidor web (como wp-config.php) mediante un vector de salto de ruta."}], "id": "CVE-2025-15433", "lastModified": "2026-04-15T15:05:47.827", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 6.8, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 2.3, "impactScore": 4.0, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-03-26T07:16:19.133", "references": [{"source": "contact@wpscan.com", "url": "https://wpscan.com/vulnerability/893667a1-dc8f-476a-ac00-55752fface90/"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Deferred"}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,1.7.58)"}}], "enrichment": {"confidence": 92.0, "confidence_source": "matching", "scores": [{"score": 95.0, "source": "inferred"}, {"score": 92.0, "source": "matching"}]}, "original": {"product": "Shared Files", "source": "cna", "vendor": "Unknown"}, "product": "shared_files", "vendor": "sharedfilespro"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-03-27T21:22:25.661940+00:00", "value": {"mitigation_remediation": ["Apply the latest update of the Shared Files plugin, version 1.7.58 or newer.", "If an update is not immediately feasible, remove or disable the plugin until a patch is applied.", "Restrict Contributor role privileges and remove file download capabilities."], "summary": {"action": "Patch Immediately", "impact": "Unauthorized File Disclosure"}, "threat_synthesis": {"affected_systems": "WordPress installations using the Shared Files plugin version earlier than 1.7.58 are affected. The vendor is unknown and the plugin name is Shared Files. Any WordPress site running this legacy plugin exposes files to contributors or any user with Contributor-level access. No specific version numbers beyond the upper bound 1.7.58 are provided, so all earlier releases are vulnerable.", "description_and_impact": "The Shared Files WordPress plugin prior to version 1.7.58 contains a path traversal vulnerability that allows a user with at least Contributor privileges to download any file stored on the web server. By manipulating the plugin's request parameters an attacker can escape the intended directory and request files such as wp-config.php, revealing sensitive configuration data. This flaw results in unauthorized disclosure of potentially confidential files, compromising the confidentiality of the site and possibly enabling further attacks if configuration details are obtained.", "risk_and_exploitability": "The CVSS base score of 6.8 indicates a high severity of remote file disclosure, while the EPSS score of under 1% suggests a low likelihood of exploitation in the wild. The vulnerability is not listed in CISA's KEV catalog. Attackers can exploit the flaw remotely by sending a crafted HTTP request to the plugin's endpoint while authenticated as a Contributor. Once the vulnerability is triggered, they can retrieve arbitrary files, potentially enabling further compromise if sensitive data is accessed."}}}}, "created": "2026-03-26T11:30:24.455146+00:00", "updated": "2026-03-29T20:28:01.224384+00:00", "vendors": ["sharedfilespro", "sharedfilespro$PRODUCT$shared_files", "wordpress", "wordpress$PRODUCT$wordpress"], "weaknesses": ["CWE-22", "CWE-200", "CWE-284"]}