CVE-2025-30567

HIGH EXPLOITED NUCLEI

WordPress WP01 - Path Traversal

Title source: nuclei

Description

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP01 WP01 wp01 allows Path Traversal.This issue affects WP01: from n/a through <= 2.6.2.

Exploits (1)

nomisec WORKING POC 1 stars

by Oyst3r1ng · infoleak

https://github.com/Oyst3r1ng/CVE-2025-30567

View Code ZIP pw:eip

Nuclei Templates (1)

WordPress WP01 - Path Traversal

HIGHVERIFIEDby s4e-io

References (2)

[Vdb Entry] https://patchstack.com/database/Wordpress/Plugin/wp01/vulnerability/wordpress-wp01-2-6-2-arbitrary-file-download-vulnerability?_s_id=cve

[Third Party Advisory] https://patchstack.com/database/wordpress/plugin/wp01/vulnerability/wordpress-wp01-2-6-2-arbitrary-file-download-vulnerability?_s_id=cve

Scores

CVSS v3 7.5

EPSS 0.2719

EPSS Percentile 96.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Details

VulnCheck KEV 2025-07-16

CWE

CWE-22

Status published

Products (2)

WP01/WP01 < 2.6.2

wp01ru/WP01 < 2.6.2

Published Mar 25, 2025

Tracked Since Feb 18, 2026