Description
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in appthaplugins Apptha Slider Gallery apptha-slider-gallery allows Path Traversal. This issue affects Apptha Slider Gallery: from n/a through <= 2.5.
Published: 2025-06-09
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Apptha Slider Gallery plugin for WordPress contains a path traversal flaw that allows an attacker to read arbitrary files from the server. This weakness enables the disclosure of sensitive data such as configuration files, credentials, or other confidential information present on the affected system. Based on the description, it is inferred that an unauthenticated attacker can trigger the exploit purely through crafted web requests.

Affected Systems

The vulnerability impacts the Apptha Slider Gallery plugin in all versions up to and including 2.5. The plugin is distributed by Apptha Plugins and integrated into WordPress sites that have installed it.

Risk and Exploitability

The CVSS score of 7.5 indicates a high severity impact, while the EPSS score of less than 1% suggests a low probability of exploitation under current conditions. The vulnerability is not listed in the CISA Known Exploited Vulnerabilities catalog. Based on the description, it is inferred that attackers are likely to exploit the flaw through the plugin’s publicly accessible file retrieval interface, by sending a specially crafted request that manipulates the path parameter to traverse directories and access files beyond the intended plugin directory.

Generated by OpenCVE AI on May 2, 2026 at 01:21 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Apptha Slider Gallery plugin to the latest version (greater than 2.5) which removes the path traversal vulnerability.
  • If an update cannot be applied immediately, block or restrict access to the plugin’s file retrieval endpoint (for example, via .htaccess or a web‑application firewall) so that only trusted IPs can request files.
  • Configure the web server to disallow traversal characters (e.g., '..' and slashes) and ensure the plugin’s configuration directory is not exposed through the webroot.



Advisories
Source: EUVD
ID: EUVD-2025-17492
Title: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in appthaplugins Apptha Slider Gallery allows Path Traversal. This issue affects Apptha Slider Gallery: from n/a through 2.5.

History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}


Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in appthaplugins Apptha Slider Gallery allows Path Traversal. This issue affects Apptha Slider Gallery: from n/a through 2.5. Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in appthaplugins Apptha Slider Gallery apptha-slider-gallery allows Path Traversal.This issue affects Apptha Slider Gallery: from n/a through <= 2.5.
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}


Fri, 11 Jul 2025 13:45:00 +0000

Type Values Removed Values Added
Metrics epss

{'score': 0.00057}

epss

{'score': 0.00062}


Tue, 10 Jun 2025 14:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}


Mon, 09 Jun 2025 16:15:00 +0000

Type Values Removed Values Added
Description Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in appthaplugins Apptha Slider Gallery allows Path Traversal. This issue affects Apptha Slider Gallery: from n/a through 2.5.
Title WordPress Apptha Slider Gallery plugin <= 2.5 - Arbitrary File Read vulnerability
Weaknesses CWE-22
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}



MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:12:04.492Z

Reserved: 2025-03-26T09:23:34.537Z

Link: CVE-2025-31050

Vulnrichment

Updated: 2025-06-10T13:50:40.794Z

NVD

Status: Deferred

Published: 2025-06-09T16:15:37.050

Modified: 2026-04-23T15:27:36.797

Link: CVE-2025-31050

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-02T01:30:16Z
