Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.5
Upload Files Anywhere fails to prevent malicious file uploads
CVE-2025-69380
Summary
A security issue in Upload Files Anywhere plugin allows hackers to upload files to unintended locations on your website. This could lead to unauthorized access or data exposure. Update to version 2.9 or later to fix this issue.
Original title
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanquish Upload Files Anywhere wp-upload-files-anywhere allows Path Traversal.This issue affects Uplo...
Original description
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanquish Upload Files Anywhere wp-upload-files-anywhere allows Path Traversal.This issue affects Upload Files Anywhere: from n/a through <= 2.8.
nvd CVSS3.1
7.5
Vulnerability type
CWE-22
Path Traversal
Published: 20 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026