WordPress Plugin Vulnerabilities

Agile Store Locator < 1.6.9 - Admin+ Arbitrary File Read via Path Traversal

Description

The plugin does not validate a parameter before using it in a file path, allowing high-privileged users such as administrators to read arbitrary `.php` files from the server, including configuration files that contain database credentials and authentication keys.

Proof of Concept

Affects Plugins

Fixed in 1.6.9

References

Classification

Type
TRAVERSAL
OWASP top 10
CWE

Miscellaneous

Original Researcher
Abisheik M
Submitter
GITLAB-VR
Verified
Yes

Timeline

Publicly Published
2026-05-23 (about 1 month ago)
Added
2026-05-23 (about 1 month ago)
Last Updated
2026-05-23 (about 1 month ago)

Other