Primary

Context

RSFirewall! WordPress Plugin Path Traversal Vulnerability Allowing Arbitrary File Read

Vulnerability

Patched

A path traversal vulnerability has been identified in the RSFirewall! plugin for WordPress, affecting all versions through 1.1.42. The issue arises in the get_local_filename() function, where improper validation allows authenticated attackers with Administrator-level access to read arbitrary files on the server. This could lead to the exposure of sensitive information.

Impact

Exploitation of this vulnerability allows for authenticated users with Admin privileges to read sensitive files from the server.

Remediation

Users can update to version 1.1.43 or a newer patched version to address this vulnerability.

Added: Jul 12, 2025, 10:16 AM

Updated: Jul 12, 2025, 10:16 AM

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

2.5

exploitability

5.6

remediation

7.7

relevance

0.2

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

3.4

impact

2.5

exploitability

5.6

remediation

7.7

relevance

0.2

threat

3.2

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

RSFirewall! WordPress Plugin Path Traversal Vulnerability Allowing Arbitrary File Read

Vulnerability

Impact

Remediation

Affected Products

RSFirewall!

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating