Description
Path Traversal: '.../...//' vulnerability in yannisraft Aeroscroll Gallery – Infinite Scroll Image Gallery & Post Grid with Photo Gallery aeroscroll-gallery allows Path Traversal.This issue affects Aeroscroll Gallery – Infinite Scroll Image Gallery & Post Grid with Photo Gallery: from n/a through <= 1.0.13.
Published: 2025-06-17
Score: 7.5 High
EPSS: < 1% Very Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The vulnerability is a path traversal flaw in the Aeroscroll Gallery plugin, allowing an attacker to craft URLs containing traversal characters. When processed, the plugin can read files from directories outside the intended web root. Based on the description, this could expose sensitive configuration files or other confidential data, potentially compromising site confidentiality. The possibility of further compromise is inferred, not explicitly stated in the CVE data.

Affected Systems

The flaw affects all installations of the Aeroscroll Gallery – Infinite Scroll Image Gallery & Post Grid with Photo Gallery plugin version 1.0.13 and earlier. The plugin was provided by yannisraft and is commonly used in WordPress websites.

Risk and Exploitability

The CVSS score of 7.5 indicates high severity, and the EPSS score of less than 1% suggests a low probability of exploitation currently. The vulnerability is not listed in the CISA KEV catalog. Attackers may be able to exploit the flaw remotely by issuing HTTP requests to the vulnerable script without authentication; this inference is based on the description that the flaw allows directory traversal. This could enable reading arbitrary files outside the web root.

Generated by OpenCVE AI on April 30, 2026 at 17:41 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Aeroscroll Gallery plugin to a version newer than 1.0.13 to contain the fixed path validation.
  • If an update is not immediately possible, deactivate the plugin to eliminate the exploitation surface.
  • Configure the web server to reject requests that include directory traversal sequences or to restrict file access to the web root.

Generated by OpenCVE AI on April 30, 2026 at 17:41 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-28308 Path Traversal vulnerability in yannisraft Aeroscroll Gallery – Infinite Scroll Image Gallery &amp; Post Grid with Photo Gallery allows Path Traversal. This issue affects Aeroscroll Gallery – Infinite Scroll Image Gallery &amp; Post Grid with Photo Gallery: from n/a through 1.0.12.
History

Tue, 28 Apr 2026 18:30:00 +0000

Type Values Removed Values Added
Description Path Traversal: '.../...//' vulnerability in yannisraft Aeroscroll Gallery – Infinite Scroll Image Gallery &amp; Post Grid with Photo Gallery aeroscroll-gallery allows Path Traversal.This issue affects Aeroscroll Gallery – Infinite Scroll Image Gallery &amp; Post Grid with Photo Gallery: from n/a through <= 1.0.13. Path Traversal: '.../...//' vulnerability in yannisraft Aeroscroll Gallery – Infinite Scroll Image Gallery & Post Grid with Photo Gallery aeroscroll-gallery allows Path Traversal.This issue affects Aeroscroll Gallery – Infinite Scroll Image Gallery & Post Grid with Photo Gallery: from n/a through <= 1.0.13.

Thu, 23 Apr 2026 15:00:00 +0000

Type Values Removed Values Added
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

Wed, 01 Apr 2026 23:45:00 +0000

Type Values Removed Values Added
Description Path Traversal vulnerability in yannisraft Aeroscroll Gallery – Infinite Scroll Image Gallery &amp; Post Grid with Photo Gallery allows Path Traversal. This issue affects Aeroscroll Gallery – Infinite Scroll Image Gallery &amp; Post Grid with Photo Gallery: from n/a through 1.0.12. Path Traversal: '.../...//' vulnerability in yannisraft Aeroscroll Gallery – Infinite Scroll Image Gallery &amp; Post Grid with Photo Gallery aeroscroll-gallery allows Path Traversal.This issue affects Aeroscroll Gallery – Infinite Scroll Image Gallery &amp; Post Grid with Photo Gallery: from n/a through <= 1.0.13.
Title WordPress Aeroscroll Gallery – Infinite Scroll Image Gallery & Post Grid with Photo Gallery <= 1.0.12 - Directory Traversal Vulnerability WordPress Aeroscroll Gallery – Infinite Scroll Image Gallery & Post Grid with Photo Gallery plugin <= 1.0.13 - Directory Traversal Vulnerability
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

Tue, 17 Jun 2025 18:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'yes', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}

Tue, 17 Jun 2025 15:15:00 +0000

Type Values Removed Values Added
Description Path Traversal vulnerability in yannisraft Aeroscroll Gallery – Infinite Scroll Image Gallery &amp; Post Grid with Photo Gallery allows Path Traversal. This issue affects Aeroscroll Gallery – Infinite Scroll Image Gallery &amp; Post Grid with Photo Gallery: from n/a through 1.0.12.
Title WordPress Aeroscroll Gallery – Infinite Scroll Image Gallery & Post Grid with Photo Gallery <= 1.0.12 - Directory Traversal Vulnerability
Weaknesses CWE-35
References
Metrics cvssV3_1

{'score': 7.5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N'}

Subscriptions

No data.

cve-icon MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-28T16:13:05.284Z

Reserved: 2025-06-04T15:44:57.576Z

Link: CVE-2025-49451

cve-icon Vulnrichment

Updated: 2025-06-17T17:22:32.074Z

cve-icon NVD

Status : Deferred

Published: 2025-06-17T15:15:49.420

Modified: 2026-04-28T19:33:08.323

Link: CVE-2025-49451

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-30T17:45:26Z

Weaknesses