{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-69380", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2025-12-31T20:13:05.452Z", "datePublished": "2026-02-20T15:46:53.401Z", "dateUpdated": "2026-04-28T20:57:15.359Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://codecanyon.net", "defaultStatus": "unaffected", "packageName": "wp-upload-files-anywhere", "product": "Upload Files Anywhere", "vendor": "vanquish", "versions": [{"lessThanOrEqual": "2.8", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Phat RiO | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-01T16:04:12.980Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanquish Upload Files Anywhere wp-upload-files-anywhere allows Path Traversal.<p>This issue affects Upload Files Anywhere: from n/a through <= 2.8.</p>"}], "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanquish Upload Files Anywhere wp-upload-files-anywhere allows Path Traversal.This issue affects Upload Files Anywhere: from n/a through <= 2.8."}], "impacts": [{"capecId": "CAPEC-126", "descriptions": [{"lang": "en", "value": "Path Traversal"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T16:14:39.721Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/wp-upload-files-anywhere/vulnerability/wordpress-upload-files-anywhere-plugin-2-8-arbitrary-file-download-vulnerability?_s_id=cve"}], "title": "WordPress Upload Files Anywhere plugin <= 2.8 - Arbitrary File Download vulnerability"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-23T21:01:54.391949Z", "id": "CVE-2025-69380", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-28T20:57:15.359Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 7.5, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "NONE", "privilegesRequired": "NONE", "confidentialityImpact": "HIGH"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-69380", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-23T21:01:54.391949Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-23T21:02:15.711Z"}}], "cna": {"title": "WordPress Upload Files Anywhere plugin <= 2.8 - Arbitrary File Download vulnerability", "credits": [{"lang": "en", "type": "finder", "value": "Phat RiO | Patchstack Bug Bounty Program"}], "impacts": [{"capecId": "CAPEC-126", "descriptions": [{"lang": "en", "value": "Path Traversal"}]}], "affected": [{"vendor": "vanquish", "product": "Upload Files Anywhere", "versions": [{"status": "affected", "version": "0", "versionType": "custom", "lessThanOrEqual": "2.8"}], "packageName": "wp-upload-files-anywhere", "collectionURL": "https://codecanyon.net", "defaultStatus": "unaffected"}], "datePublic": "2026-04-01T16:04:12.980Z", "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/wp-upload-files-anywhere/vulnerability/wordpress-upload-files-anywhere-plugin-2-8-arbitrary-file-download-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "descriptions": [{"lang": "en", "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanquish Upload Files Anywhere wp-upload-files-anywhere allows Path Traversal.This issue affects Upload Files Anywhere: from n/a through <= 2.8.", "supportingMedia": [{"type": "text/html", "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanquish Upload Files Anywhere wp-upload-files-anywhere allows Path Traversal.<p>This issue affects Upload Files Anywhere: from n/a through <= 2.8.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-01T14:13:26.184Z"}}}, "cveMetadata": {"cveId": "CVE-2025-69380", "state": "PUBLISHED", "dateUpdated": "2026-04-01T14:13:26.184Z", "dateReserved": "2025-12-31T20:13:05.452Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2026-02-20T15:46:53.401Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanquish Upload Files Anywhere wp-upload-files-anywhere allows Path Traversal.This issue affects Upload Files Anywhere: from n/a through <= 2.8."}, {"lang": "es", "value": "Vulnerabilidad de limitaci\u00f3n incorrecta de un nombre de ruta a un directorio restringido ('Salto de ruta') en vanquish Upload Files Anywhere wp-upload-files-anywhere permite salto de ruta. Este problema afecta a Upload Files Anywhere: desde n/a hasta &lt;= 2.8."}], "id": "CVE-2025-69380", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 3.6, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-02-20T16:22:22.570", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/wp-upload-files-anywhere/vulnerability/wordpress-upload-files-anywhere-plugin-2-8-arbitrary-file-download-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,2.8]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "cna", "scores": [{"score": 100.0, "source": "cna"}]}, "original": {"product": "Upload Files Anywhere", "source": "cna", "vendor": "vanquish"}, "product": "upload_files_anywhere", "vendor": "vanquish"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-04-28T09:28:20.522455+00:00", "value": {"mitigation_remediation": ["Upgrade the Upload Files Anywhere plugin to the latest version (any release above 2.8).", "If an upgrade is not possible, disable the plugin to remove the vulnerable code path.", "Restrict the filesystem permissions for the plugin\u2019s upload directory so it cannot access files outside the intended scope."], "summary": {"action": "Patch Immediately", "impact": "Arbitrary File Download via Path Traversal"}, "threat_synthesis": {"affected_systems": "The affected product is the WordPress Upload Files Anywhere plugin from vanquish, versions from the earliest release up through 2.8. Any site running the plugin in that version range is vulnerable.", "description_and_impact": "The vulnerability is an improper limitation of a pathname to a restricted directory. An attacker can construct a path that traverses outside the intended directory to retrieve any file the web server can read, leading to a breach of confidentiality and the possibility of further exploitation. This weakness is a classic path\u2011traversal flaw.", "risk_and_exploitability": "The CVSS score of 7.5 indicates a moderate\u2011to\u2011high severity vulnerability, and the EPSS score of <1% suggests a low probability of exploitation in the wild. It is not listed in the CISA KEV catalog. The flaw is a classic path\u2011traversal vulnerability that could allow an attacker to retrieve files outside the intended directory. The likely attack vector is via the plugin\u2019s publicly accessible download endpoint, based on the description that the vulnerability arises in the plugin\u2019s download handling. The official description does not specify authentication requirements, so it is inferred that the exploit operates without authentication if the endpoint is publicly reachable, or may require a user with sufficient privileges if access is restricted."}}}}, "created": "2026-02-23T14:37:13.923986+00:00", "updated": "2026-04-28T09:30:26.219656+00:00", "vendors": ["vanquish", "vanquish$PRODUCT$upload_files_anywhere", "wordpress", "wordpress$PRODUCT$wordpress"]}