Description
Path Traversal: '.../...//' vulnerability in ctltwp Section Widget section-widget allows Path Traversal.This issue affects Section Widget: from n/a through <= 3.3.1.
Published: 2025-05-19
Score: 5.3 Medium
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The ctltwp Section Widget plugin contains a path traversal flaw manifested as an ".../...//" pattern that permits navigation beyond the intended directory. This weakness matches CWE-35 and can potentially allow an attacker to read arbitrary files on the server. Based on the description, it is inferred that an attacker could access sensitive data such as configuration files or source code.

Affected Systems

The vulnerability is present in all releases of the ctltwp Section Widget plugin up to and including version 3.3.1. Any WordPress installation that has the plugin installed with one of these affected versions is susceptible.

Risk and Exploitability

The CVSS score of 5.3 indicates moderate severity, and the EPSS score of less than 1% suggests a low likelihood of exploitation at present. The issue is not listed in the CISA KEV catalog. The description does not specify an attack vector or authentication requirements; therefore, while path traversal flaws in WordPress plugins are typically exploitable via HTTP requests to the plugin’s endpoints, no definitive exploitation method is provided in the advisory.

Generated by OpenCVE AI on May 1, 2026 at 08:14 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Section Widget plugin to a version newer than 3.3.1.
  • If an upgrade is not possible, disable or uninstall the plugin to eliminate the vulnerable code path.
  • Configure the web server or .htaccess rules to restrict direct access to the plugin’s directory and block any path traversal patterns.

Generated by OpenCVE AI on May 1, 2026 at 08:14 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-15777 Path Traversal: '.../...//' vulnerability in ctltwp Section Widget allows Path Traversal.This issue affects Section Widget: from n/a through 3.3.1.
History

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description Path Traversal: '.../...//' vulnerability in ctltwp Section Widget allows Path Traversal.This issue affects Section Widget: from n/a through 3.3.1. Path Traversal: '.../...//' vulnerability in ctltwp Section Widget section-widget allows Path Traversal.This issue affects Section Widget: from n/a through <= 3.3.1.
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

Mon, 19 May 2025 22:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Mon, 19 May 2025 20:00:00 +0000

Type Values Removed Values Added
Description Path Traversal: '.../...//' vulnerability in ctltwp Section Widget allows Path Traversal.This issue affects Section Widget: from n/a through 3.3.1.
Title WordPress Section Widget plugin <= 3.3.1 - Path Traversal vulnerability
Weaknesses CWE-35
References
Metrics cvssV3_1

{'score': 5.3, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:N/A:N'}

Subscriptions

Wordpress Wordpress
cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:12:37.423Z

Reserved: 2025-04-24T14:22:09.616Z

Link: CVE-2025-46441

cve-icon Vulnrichment

Updated: 2025-05-19T21:11:56.784Z

cve-icon NVD

Status : Deferred

Published: 2025-05-19T20:15:25.730

Modified: 2026-04-23T15:29:59.693

Link: CVE-2025-46441

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-05-01T08:15:12Z

Weaknesses