Vulnerability detail
Enriched intelligence for a single CVE
High
CVE-2025-30567
PUBLISHEDWordPress WP01 plugin <= 2.6.2 - Arbitrary File Download Vulnerability
- Vendor
- WP01
- Product
- WP01
- Published
- Mar 25, 2025
- EPSS
- 43.8% · 98% pctl
Automate this intelligence with the Pro API
Everything on this page — CVSS, EPSS, exploit status, PoCs, scanner integrations, mentions, tags, and immediate honeypot sensor data — is available programmatically for VM, SOC, and CTI workflows.
Description
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP01 WP01 wp01 allows Path Traversal.This issue affects WP01: from n/a through <= 2.6.2.
Weaknesses (CWE)
-
The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.
CVSS scores
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Known exploited vulnerability sources
Catalogues that list this CVE as a known exploited vulnerability.
| Source | Added |
|---|---|
| The Shadowserver (via CIRCL) First | 2026-06-05 00:00 UTC |
Scanner integrations
| Scanner | Reference | Detected |
|---|---|---|
| Nuclei | https://github.com/projectdiscovery/nuclei-templates/blob/main/http/cves/2025/CVE-2025-30567.yaml | Apr 25, 2025 |
Potential proof of concepts
These PoCs are unverified and could contain malware. Use at your own risk.
github · Created 2025-04-06 14:38:16 UTC · 0 stars
CVE-2025-30567 - WordPress WP01 < Path traversal
github · Created 2025-04-03 22:52:06 UTC · 0 stars
CVE-2025-30567 - WordPress WP01 < Path traversal
github · Created 2025-03-26 14:37:34 UTC · 1 stars
Unauthorized Arbitrary File Download in WordPress WP01
Timeline
-
CVE ID Reserved
-
CVE Published to Public
-
Proof of Concept Exploit Available
-
Detected by Nuclei
-
Added to KEVIntel