Description
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in RealMag777 WOLF bulk-editor allows Path Traversal. This issue affects WOLF: from n/a through <= 1.0.8.5.
Published: 2025-02-03
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

Improper limitation of a pathname in the RealMag777 WOLF bulk‑editor plugin allows attackers to construct file paths that escape the intended directory. The flaw is a classic path traversal (CWE‑22) that can let an adversary read (and potentially write) arbitrary files on the WordPress server, exposing configuration, credentials, or other sensitive data. The vulnerability is present in all releases up to and including version 1.0.8.5 and is not mitigated by input validation or directory checks.

Affected Systems

The affected product is the RealMag777 WOLF bulk‑editor WordPress plugin, with versions from the earliest release through 1.0.8.5. The plugin runs on any WordPress installation that includes it, making a wide array of sites potentially vulnerable.

Risk and Exploitability

The CVSS score of 7.5 indicates a high severity, but the EPSS score of less than 1% suggests a low probability of exploitation at present. It is not listed in CISA's KEV catalog. The likely attack path involves accessing vulnerable endpoints within the plugin’s web interface, possibly requiring authenticated access, which could enable an attacker to request arbitrary files from the server.

Generated by OpenCVE AI on May 1, 2026 at 17:37 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the WOLF bulk‑editor plugin to a version newer than 1.0.8.5
  • If an upgrade is not feasible, deactivate or uninstall the plugin to remove the attack surface
  • Conduct a thorough scan of the web root to identify any sensitive files that may have been exposed or accessed through path traversal attacks



Advisories

Source: EUVD
ID: EUVD-2025-3809
Title: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in realmag777 WOLF allows Path Traversal. This issue affects WOLF: from n/a through 1.0.8.5.

History

Thu, 23 Apr 2026 15:00:00 +0000

Type: Metrics
Values Removed: cvssV3_1 {'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}
Values Added: cvssV3_1 {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N'}


Wed, 01 Apr 2026 23:45:00 +0000

Type: Description
Values Removed: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in realmag777 WOLF allows Path Traversal. This issue affects WOLF: from n/a through 1.0.8.5.
Values Added: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in RealMag777 WOLF bulk-editor allows Path Traversal. This issue affects WOLF: from n/a through <= 1.0.8.5.

Type: References

Type: Metrics
Values Removed: cvssV3_1 {'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N'}
Values Added: cvssV3_1 {'score': 7.2, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H'}


Mon, 14 Jul 2025 13:45:00 +0000

Type: Metrics
Values Removed: epss {'score': 0.00091}
Values Added: epss {'score': 0.00101}


Wed, 19 Mar 2025 20:15:00 +0000

Type Values Removed Values Added
First Time appeared Pluginus
Pluginus wolf - Wordpress Posts Bulk Editor And Products Manager Professional
CPEs cpe:2.3:a:pluginus:wolf_-_wordpress_posts_bulk_editor_and_products_manager_professional:*:*:*:*:*:wordpress:*:*
Vendors & Products Pluginus
Pluginus wolf - Wordpress Posts Bulk Editor And Products Manager Professional

Mon, 03 Feb 2025 17:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 03 Feb 2025 14:30:00 +0000

Type Values Removed Values Added
Description Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in realmag777 WOLF allows Path Traversal. This issue affects WOLF: from n/a through 1.0.8.5.
Title WordPress WOLF plugin <= 1.0.8.5 - Path Traversal vulnerability
Weaknesses CWE-22
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:11:29.479Z

Reserved: 2025-01-23T14:51:10.027Z

Link: CVE-2025-24605

Vulnrichment

Updated: 2025-02-03T16:55:34.834Z

NVD

Status: Modified

Published: 2025-02-03T15:15:26.473

Modified: 2026-04-23T15:25:06.733

Link: CVE-2025-24605

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-01T17:45:15Z

Weaknesses