Vulnerability Monitor

The vendors, products, and vulnerabilities you care about

CVE-2025-7518

The RSFirewall! plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.1.42 via the get_local_filename() function. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.

Published

2025-07-12T10:15:26.217

Last Modified

2025-07-15T13:14:49.980

Status

Awaiting Analysis

Source

[email protected]

Severity

CVSSv3.1: 4.9 (MEDIUM)

Weaknesses

Type: Primary
CWE-22

Affected Vendors & Products

References

https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3306173%40rsfirewall&new=3306173%40rsfirewall&sfp_email=&sfph_mail= ([email protected])
https://www.wordfence.com/threat-intel/vulnerabilities/id/fd7b0eef-3b8e-4272-bbd7-ad52088d0835?source=cve ([email protected])