Description
Apptha Slider Gallery 1.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the imgname parameter. Attackers can send requests to asgallDownload.php with directory traversal sequences ../ to access sensitive files outside the intended directory.
Published: 2026-06-09
Score: 8.7 High
EPSS: n/a
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The flaw exists in the Apptha Slider Gallery 1.0 WordPress plugin and allows unauthenticated attackers to supply a crafted imgname parameter in asgallDownload.php, enabling directory traversal and download of files outside the intended directory. This path traversal vulnerability can reveal sensitive system or configuration files, compromising confidentiality and integrity of the affected host. Because the flaw is remotely exploitable with no authentication required, any reachable WordPress site running the affected plugin is at risk.

Affected Systems

WordPress installations that have the Apptha Slider Gallery plugin version 1.0 installed are affected. No other versions were indicated in the CNA data; site administrators should verify whether their deployment uses this vulnerable version.

Risk and Exploitability

The CVSS score of 8.7 indicates high severity, reflecting the low complexity of exploitation and serious impact on data confidentiality and integrity. No EPSS score is available, so the current probability of exploitation in the wild cannot be quantified, but the attack path is straightforward: a crafted HTTP request to asgallDownload.php containing ../ sequences. The vulnerability is not listed in the CISA KEV catalog, suggesting no documented active exploitation campaigns at the time of this analysis, although the potential for abuse remains.

Generated by OpenCVE AI on June 9, 2026 at 13:24 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Upgrade the Apptha Slider Gallery plugin to the latest available version that includes the path traversal fix.
  • If an upgrade cannot be performed immediately, disable or remove the Apptha Slider Gallery plugin to eliminate the vulnerability.
  • Configure a web application firewall or server rule to block imgname parameters that contain directory traversal sequences such as ../.
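
A log-review sketch for the third recommendation above, added here as an example (not OpenCVE's or the vendor's code): it flags access-log requests to asgallDownload.php whose imgname value resolves to a traversal after repeated percent-decoding, which a literal match on ../ would miss. The log lines, the PLUGIN_DIR path placeholder and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Request line inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample entries; PLUGIN_DIR is a placeholder, not the real path.
BASE = '203.0.113.5 - - [09/Jun/2026:13:00:0%d +0000] "GET %s HTTP/1.1" 200 512'
SCRIPT = "/wp-content/plugins/PLUGIN_DIR/asgallDownload.php"
SAMPLE_LOG = [
    BASE % (1, SCRIPT + "?imgname=slide1.jpg"),
    BASE % (2, SCRIPT + "?imgname=../../example.conf"),
    BASE % (3, SCRIPT + "?imgname=%252e%252e%252fexample.conf"),
    BASE % (4, SCRIPT + "?imgname=..%5c..%5cexample.conf"),
    BASE % (5, "/index.php?imgname=../example.conf"),  # different script
]

def fully_decode(value, max_rounds=5):
    """Percent-decode repeatedly so double-encoded input is normalised."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value

def is_traversal(imgname):
    """True for a '..' path segment, an absolute path, or an embedded NUL."""
    path = fully_decode(imgname).replace("\\", "/")
    if "\x00" in path or path.startswith("/"):
        return True
    return ".." in path.split("/")

def suspicious_requests(log_lines):
    """Return (line_no, imgname) for flagged asgallDownload.php requests."""
    hits = []
    for line_no, line in enumerate(log_lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.lower().endswith("/asgalldownload.php"):
            continue
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            if key == "imgname" and is_traversal(value):
                hits.append((line_no, value))
    return hits

if __name__ == "__main__":
    for line_no, value in suspicious_requests(SAMPLE_LOG):
        print(f"line {line_no}: suspicious imgname={value!r}")
```

The same normalise-then-check order applies to a WAF or server rule: decode first, then test for a `..` segment, so that a legitimate name such as `a..b.jpg` is not blocked.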



Advisories

No advisories yet.

History

Tue, 09 Jun 2026 20:45:00 +0000

Type | Values Removed | Values Added
First Time appeared | | Apptha; Apptha apptha Slider Gallery; Wordpress; Wordpress wordpress
Vendors & Products | | Apptha; Apptha apptha Slider Gallery; Wordpress; Wordpress wordpress

Tue, 09 Jun 2026 12:30:00 +0000

Type | Values Removed | Values Added
Description | | Apptha Slider Gallery 1.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the imgname parameter. Attackers can send requests to asgallDownload.php with directory traversal sequences ../ to access sensitive files outside the intended directory.
Title | | WordPress Plugin Apptha Slider Gallery 1.0 Path Traversal File Download
Weaknesses | | CWE-22
References | |
Metrics | | cvssV3_1: {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}; cvssV4_0: {'score': 8.7, 'vector': 'CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N'}


MITRE

Status: PUBLISHED

Assigner: VulnCheck

Published:

Updated: 2026-06-09T15:12:45.524Z

Reserved: 2026-06-08T11:51:37.191Z

Link: CVE-2017-20248

Vulnrichment

No data.

NVD

Status: Deferred

Published: 2026-06-09T13:16:34.693

Modified: 2026-06-09T13:51:18.770

Link: CVE-2017-20248

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-09T20:20:52Z

Weaknesses