Description
Path Traversal: '.../...//' vulnerability in CodeManas Search with Typesense search-with-typesense allows Path Traversal. This issue affects Search with Typesense: from n/a through <= 2.0.8.
Published: 2025-02-25
Score: 6.8 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

WordPress Search with Typesense Plugin versions 2.0.8 and earlier contain a path‑traversal flaw caused by improper validation of search query strings. An attacker who can send a crafted request may obtain arbitrary files from the server, potentially enabling disclosure of sensitive information or the execution of local code if writable files are involved. The vulnerability is identified as CWE‑35.

Affected Systems

The affected product is CodeManas Search with Typesense for WordPress. All releases up to and including version 2.0.8 are vulnerable.

Risk and Exploitability

With a CVSS score of 6.8, the flaw is considered moderate severity. The EPSS score of less than 1% indicates a low probability of exploitation, and the vulnerability is not listed in the CISA KEV database. Based on the description, the likely attack vector is remote via a crafted search query submitted to the plugin’s endpoint; authentication is not explicitly required, so a public user could trigger the flaw. Once triggered, the attacker can read any file accessible to the web server process.

Generated by OpenCVE AI on May 2, 2026 at 04:13 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade Search with Typesense to a version newer than 2.0.8 if available and apply the update immediately.
  • If an update cannot be performed immediately, restrict the search endpoint to authenticated users and sanitize query strings to strip or reject any occurrence of '..' or backslash sequences.
  • Configure the web server or .htaccess rules to block URLs containing double dots or other path traversal patterns.
  • Monitor web server logs for anomalous file‑access patterns and apply additional controls that limit file visibility.


Advisories
Source: EUVD
ID: EUVD-2025-5443
Title: Path Traversal vulnerability in CodeManas Search with Typesense allows Path Traversal. This issue affects Search with Typesense: from n/a through 2.0.8.

History

Thu, 23 Apr 2026 15:00:00 +0000

Metrics
  Values Removed:
    cvssV3_1 {'score': 4.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N'}
  Values Added:
    cvssV3_1 {'score': 6.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H'}


Wed, 01 Apr 2026 23:45:00 +0000

Description
  Values Removed:
    Path Traversal vulnerability in CodeManas Search with Typesense allows Path Traversal. This issue affects Search with Typesense: from n/a through 2.0.8.
  Values Added:
    Path Traversal: '.../...//' vulnerability in CodeManas Search with Typesense search-with-typesense allows Path Traversal. This issue affects Search with Typesense: from n/a through <= 2.0.8.
References
Metrics
  Values Removed:
    cvssV3_1 {'score': 6.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H'}
  Values Added:
    cvssV3_1 {'score': 4.9, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N'}


Tue, 01 Jul 2025 11:15:00 +0000

First Time appeared
  Values Added:
    Codemanas
    Codemanas search With Typesense
CPEs
  Values Added:
    cpe:2.3:a:codemanas:search_with_typesense:*:*:*:*:*:wordpress:*:*
Vendors & Products
  Values Added:
    Codemanas
    Codemanas search With Typesense

Tue, 25 Feb 2025 15:15:00 +0000

Metrics
  Values Added:
    ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Tue, 25 Feb 2025 14:30:00 +0000

Description
  Values Added:
    Path Traversal vulnerability in CodeManas Search with Typesense allows Path Traversal. This issue affects Search with Typesense: from n/a through 2.0.8.
Title
  Values Added:
    WordPress Search with Typesense Plugin <= 2.0.8 - Path Traversal vulnerability
Weaknesses
  Values Added:
    CWE-35
References
Metrics
  Values Added:
    cvssV3_1 {'score': 6.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:N/A:H'}


MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:11:41.651Z

Reserved: 2025-02-17T11:49:35.314Z

Link: CVE-2025-26876

Vulnrichment

Updated: 2025-02-25T14:39:41.994Z

NVD

Status: Modified

Published: 2025-02-25T15:15:24.180

Modified: 2026-04-23T15:25:58.980

Link: CVE-2025-26876

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-02T04:15:06Z

Weaknesses