Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.6
Vanquish User Extra Fields Allows Malicious File Access
CVE-2025-69376
Summary
A security issue in Vanquish User Extra Fields plugin for WordPress allows an attacker to access files outside the intended directory, potentially leading to sensitive information exposure or malicious code execution. This issue affects versions up to 17.0. Update to the latest version to prevent unauthorized file access.
Original title
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanquish User Extra Fields wp-user-extra-fields allows Path Traversal.This issue affects User Extra F...
Original description
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanquish User Extra Fields wp-user-extra-fields allows Path Traversal.This issue affects User Extra Fields: from n/a through <= 17.0.
nvd CVSS3.1
8.6
Vulnerability type
CWE-22
Path Traversal
Published: 20 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026