CVE-2026-7565
MEDIUM
4,9
Source: [email protected]
Attack Vector: network
Attack Complexity: low
Privileges Required: high
User Interaction: none
Scope: unchanged
Confidentiality: high
Integrity: none
Availability: none
Description
AI Translation Available
The LearnPress – Backup & Migration Tool plugin for WordPress is vulnerable to Arbitrary File Read via Directory Traversal in all versions up to, and including, 4.1.4 via the 'import-user-file' parameter parameter. This makes it possible for authenticated attackers, with administrator-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.
22
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')
StableCommon Consequences
Security Scopes Affected:
Integrity
Confidentiality
Availability
Potential Impacts:
Execute Unauthorized Code Or Commands
Modify Files Or Directories
Read Files Or Directories
Dos: Crash, Exit, Or Restart
Applicable Platforms
Technologies:
AI/ML
https://plugins.trac.wordpress.org/browser/learnpress-import-export/tags/4.1.1/…
https://plugins.trac.wordpress.org/browser/learnpress-import-export/tags/4.1.1/…
https://plugins.trac.wordpress.org/browser/learnpress-import-export/tags/4.1.4/…
https://plugins.trac.wordpress.org/browser/learnpress-import-export/tags/4.1.4/…
https://plugins.trac.wordpress.org/browser/learnpress-import-export/trunk/inc/a…
https://plugins.trac.wordpress.org/browser/learnpress-import-export/trunk/inc/a…
https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&ol…
https://www.wordfence.com/threat-intel/vulnerabilities/id/0f6d0ba7-f9e8-493b-9e…