CVE-2025-4419

MEDIUM

Hot Random Image <= 1.9.2 - Authenticated Path Traversal via Path Parameter

Title source: llm

Description

The Hot Random Image plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.9.2 via the 'path' parameter. This makes it possible for authenticated attackers, with Contributor-level access and above, to access arbitrary images with allowed extensions, outside of the originally intended directory.

References (4)

Core 4

Core References

Product

https://plugins.trac.wordpress.org/browser/hot-random-image/tags/1.9.2/hot_random_image.php#L57

Patch

https://plugins.trac.wordpress.org/changeset/3298033/

Product

https://wordpress.org/plugins/hot-random-image/#developers

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/d6628232-0bd1-4194-8322-36084b1eb0f7?source=cve

Scores

CVSS v3 4.3

EPSS 0.0036

EPSS Percentile 28.0%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:N/A:N

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact partial

Details

CWE

CWE-22

Status published

Products (2)

hot-themes/hot_random_image < 1.9.3

hotwptemplates/Hot Random Image < 1.9.2

Published May 22, 2025

Tracked Since Feb 18, 2026