WordPress Plugin Vulnerabilities

Publitio < 2.2.2 - Contributor+ Arbitrary File Read

Description

The plugin is vulnerable to Path Traversal. This makes it possible for authenticated attackers, with Contributor-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.

Affects Plugins

Plugin icon
publitio
Fixed in 2.2.2

References

CVE
CVE-2025-31800
URL
https://patchstack.com/database/wordpress/plugin/publitio/vulnerability/wordpress-publitio-plugin-2-1-8-arbitrary-file-read-vulnerability

Classification

Type
LFI
OWASP top 10
A1: Injection
CWE
CWE-22
CVSS
4.9 (medium)

Miscellaneous

Original Researcher
Trương Hữu Phúc (truonghuuphuc)
Verified
No
WPVDB ID
82fe23f3-b532-4307-b191-2f6cdd3eaf54

Timeline

Publicly Published
2025-04-03 (about 11 months ago)
Added
2025-04-08 (about 10 months ago)
Last Updated
2025-09-13 (about 5 months ago)

Other

Published
Title
Published
2015-03-23
Title
MP3-jPlayer < 2.5 - Local File Disclosure
Published
2025-12-11
Title
WP Job Portal < 2.4.1 - Authenticated (Subscriber+) Arbitrary File Read
Published
2017-07-21
Title
WP Hide & Security Enhancer < 1.4 - Arbitrary File Download
Published
2024-09-30
Title
LiteSpeed Cache < 6.5.1 - Author+ Path Traversal
Published
2016-03-21
Title
ABtest - File Inclusion