← volver
CVE-2026-1557

WP Responsive Images <= 1.0 - Unauthenticated Path Traversal to Arbitrary File Read via src

CVSS 7.5 HIGHEPSS 1.7%CWE-22
Vexday Risk Score
36Atención
Decisión SSVC (CISA)
Attend
PoC disponible → seguir de cerca
CVSS 7.5EPSS 1.7%KEV nãoPoC Nuclei simMetasploit Patch
Ciclo de vida
26 feb 2026Publicada en NVD
Recomendación: Planificar corrección próxima — ya existe PoC pública.
The WP Responsive Images plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.0 via the 'src' parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

¿Quieres saber si tu infraestructura está expuesta a esto?

Hablar con TrueHacking →