NotFound WordPress Plugin Sports Rankings and Lists Path Traversal Vulnerability

Vulnerability

An absolute path traversal vulnerability has been identified in the NotFound WordPress plugin Sports Rankings and Lists, affecting versions through 1.0.2. The vulnerability arises from improper limitation of pathnames, potentially allowing unauthorized access to files on the server.
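An added illustration of the flaw class named above (not the plugin's code, which this page does not show): a file-serving helper has to confine the resolved path to its base directory, and filtering "../" alone does not stop an absolute path. The function names, directory and file names are hypothetical, and the demo files are constructed.

```php
<?php
// Added example: hypothetical helpers, not code from the plugin.

// Weak pattern, for contrast: removing "../" leaves an absolute path unchanged.
function strip_dotdot(string $requested): string
{
    return str_replace('../', '', $requested);
}

// Returns the canonical path only if it is a file inside $baseDir, else null.
function resolve_download_path(string $baseDir, string $requested): ?string
{
    $base = realpath($baseDir);
    if ($base === false || $requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    // Always join onto the base, so the request is never opened as a path
    // in its own right; realpath() then resolves "..", "." and symlinks.
    $candidate = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($candidate === false || !is_file($candidate)) {
        return null; // nonexistent target, or a directory
    }
    // Compare with a trailing separator so "/srv/exports-old/x" is not
    // accepted as being under "/srv/exports".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    return strncmp($candidate, $prefix, strlen($prefix)) === 0 ? $candidate : null;
}

// Constructed demo data: a temporary export directory and a file outside it.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'exports_' . bin2hex(random_bytes(4));
mkdir($root);
file_put_contents($root . DIRECTORY_SEPARATOR . 'rankings.csv', "team,rank\n");
$outside = tempnam(sys_get_temp_dir(), 'secret_');

foreach (['rankings.csv', $outside, '../' . basename($outside), 'missing.csv'] as $input) {
    $filter = strip_dotdot($input) === $input ? 'unchanged by filter' : 'altered by filter';
    $result = resolve_download_path($root, $input) === null ? 'rejected' : 'allowed';
    printf("%-45s %-20s %s\n", $input, $filter, $result);
}

// Clean up the constructed files.
unlink($outside);
unlink($root . DIRECTORY_SEPARATOR . 'rankings.csv');
rmdir($root);
```

Only `rankings.csv` is allowed; the absolute path passes the "../" filter untouched but is rejected by the containment check.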

Impact

Exploitation of this vulnerability could lead to arbitrary file download, allowing attackers to download any file from the affected website, including sensitive files such as login credentials or backup files.

Remediation

Users are advised to update to a version of the Sports Rankings and Lists plugin that is later than 1.0.2. For those unable to update immediately, Patchstack offers a virtual patch that can be applied to mitigate this vulnerability.

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 2.5
exploitability: 7.4
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.