Impact
The Shared Files WordPress plugin prior to version 1.7.58 contains a path traversal vulnerability that allows a user with at least Contributor privileges to download any file stored on the web server. By manipulating the plugin's request parameters, an attacker can escape the intended directory and request files such as wp-config.php, revealing sensitive configuration data. The result is unauthorized disclosure of potentially confidential files, which compromises the confidentiality of the site and may enable further attacks if configuration details are obtained.
Affected Systems
WordPress installations using the Shared Files plugin in a version earlier than 1.7.58 are affected. The plugin is named Shared Files; its vendor is not recorded. Any WordPress site running an affected release exposes server files to any user with Contributor-level access or higher. No specific version numbers beyond the upper bound of 1.7.58 are provided, so all earlier releases are vulnerable.
Risk and Exploitability
The CVSS base score of 6.8 indicates high severity for this remote file disclosure, while the EPSS score of under 1% suggests a low likelihood of exploitation in the wild. The vulnerability is not listed in CISA's KEV catalog. An attacker authenticated as a Contributor can exploit the flaw remotely by sending a crafted HTTP request to the plugin's endpoint; once triggered, it lets them retrieve arbitrary files from the server, potentially enabling further compromise if sensitive data is accessed.
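The containment check a file-download endpoint of this kind needs, shown here as an added example rather than the plugin's own code (and in Python rather than the plugin's PHP): the naive join that lets a traversal sequence escape the share directory, beside a hardened resolver that rejects encoded, absolute and symlinked escapes. The directory layout, file names and request strings are constructed for the demonstration and are assumptions, not values taken from the advisory.

```python
import os
import tempfile
from urllib.parse import unquote


def naive_download_path(base_dir: str, requested: str) -> str:
    """Vulnerable pattern: user input joined onto the share dir, so '../' escapes it."""
    return os.path.join(base_dir, requested)


def safe_download_path(base_dir: str, requested: str):
    """Return the real path of the requested file only if it lies inside
    base_dir and is a regular file; otherwise return None."""
    if "\x00" in requested:  # NUL bytes can truncate paths in C-backed APIs
        return None
    # Decode once and normalise backslashes so 'a\..\b' cannot slip past a '/' check.
    candidate = unquote(requested).replace("\\", "/")
    base = os.path.realpath(base_dir)
    # realpath resolves '..' *and* symlinks, so a planted link to wp-config.php is rejected too.
    resolved = os.path.realpath(os.path.join(base, candidate))
    if os.path.commonpath([base, resolved]) != base:
        return None
    return resolved if os.path.isfile(resolved) else None


def build_demo_tree() -> str:
    """Create a constructed WordPress-like layout in a temp dir (not a real
    install) and return the share directory path."""
    root = os.path.realpath(tempfile.mkdtemp(prefix="wp-demo-"))
    share = os.path.join(root, "wp-content", "uploads", "shared-files")
    os.makedirs(share)
    with open(os.path.join(root, "wp-config.php"), "w") as f:
        f.write("<?php define('DB_PASSWORD', 'constructed-secret');\n")
    with open(os.path.join(share, "report.pdf"), "wb") as f:
        f.write(b"%PDF-1.4 constructed sample\n")
    try:  # symlink inside the share dir pointing outside it (skipped if unsupported)
        os.symlink(os.path.join(root, "wp-config.php"), os.path.join(share, "link.txt"))
    except OSError:
        pass
    return share


def run_demo() -> dict:
    """Resolve constructed requests both ways: {request: (naive_serves_file, safe_result)}."""
    share = build_demo_tree()
    requests = ("report.pdf", "../../../wp-config.php",
                "..%2F..%2F..%2Fwp-config.php", "/etc/passwd", "link.txt")
    return {r: (os.path.isfile(naive_download_path(share, r)), safe_download_path(share, r))
            for r in requests}


if __name__ == "__main__":
    for req, (naive_ok, safe) in run_demo().items():
        print(f"{req!r:34} naive serves file: {naive_ok!s:5}  safe -> {safe}")
```

The naive resolver serves wp-config.php for the traversal request while the hardened one returns None for every escape and only the in-directory report.pdf; the same realpath-plus-commonpath pattern applies to any download handler that builds a path from a request parameter.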
OpenCVE Enrichment