Description
Path Traversal: '.../...//' vulnerability in Bogdan Bendziukov Squeeze squeeze allows Path Traversal. This issue affects Squeeze: from n/a through <= 1.7.7.
Published: 2026-03-13
Score: 5 Medium
EPSS: < 1% Very Low
KEV: No
Impact: Directory Traversal (File Disclosure)
Action: Patch
AI Analysis

Impact

This vulnerability is a directory traversal flaw in the Bogdan Bendziukov Squeeze WordPress plugin. Improper handling of path sequences such as ".../...//" allows an attacker to read arbitrary files from the server filesystem, potentially exposing sensitive configuration, credential, or other confidential data. The weakness is classified as CWE-35, which focuses on incorrect path handling leading to unauthorized file disclosure.

Affected Systems

The Squeeze plugin, versions from any initial release up to and including 1.7.7, is affected. No other products or versions are listed. The vendor is Bogdan Bendziukov, and the product name is Squeeze.

Risk and Exploitability

The CVSS score for this vulnerability is 5, indicating moderate severity, and the EPSS score is lower than 1%, suggesting a low current probability of exploitation. This issue is not in the CISA KEV catalog. Based on the nature of the flaw, it is inferred that a remote attacker could trigger the vulnerability by submitting crafted path requests through the plugin’s interface, which is typical for web‑based directory traversal vulnerabilities. Given the moderate CVSS, low EPSS, and lack of KEV listing, the overall risk is considered low to moderate, but file disclosure still warrants attention.

Generated by OpenCVE AI on March 17, 2026 at 17:51 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Upgrade the Squeeze plugin to a version newer than 1.7.7, if an official patch is available from Bogdan Bendziukov.
  • If an update is not available or cannot be applied immediately, consider disabling or removing the Squeeze plugin to prevent exploitation.
  • Verify that the plugin's vulnerable endpoints are no longer reachable on the site, to confirm the flaw has been mitigated.

Advisories

No advisories yet.

History

Tue, 17 Mar 2026 14:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Metrics | | cvssV3_1 {'score': 5, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:N/A:N'} |
| | | ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'} |


Mon, 16 Mar 2026 10:15:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| First Time appeared | | Bogdan Bendziukov; Bogdan Bendziukov squeeze; Wordpress; Wordpress wordpress |
| Vendors & Products | | Bogdan Bendziukov; Bogdan Bendziukov squeeze; Wordpress; Wordpress wordpress |

Fri, 13 Mar 2026 12:00:00 +0000

| Type | Values Removed | Values Added |
|---|---|---|
| Description | | Path Traversal: '.../...//' vulnerability in Bogdan Bendziukov Squeeze squeeze allows Path Traversal. This issue affects Squeeze: from n/a through <= 1.7.7. |
| Title | | WordPress Squeeze plugin <= 1.7.7 - Directory Traversal vulnerability |
| Weaknesses | | CWE-35 |
| References | | |

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published:

Updated: 2026-04-01T14:16:12.863Z

Reserved: 2026-03-12T11:11:19.857Z

Link: CVE-2026-32415

Vulnrichment

Updated: 2026-03-17T13:11:14.719Z

NVD

Status: Awaiting Analysis

Published: 2026-03-13T19:54:58.787

Modified: 2026-03-17T14:16:16.920

Link: CVE-2026-32415

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-03-23T12:03:48Z

Weaknesses