Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.7
WordPress vanquish User Extra Fields Path Traversal Can Expose Sensitive Files
CVE-2025-69377
Summary
A security issue in WordPress's vanquish User Extra Fields plugin allows attackers to access sensitive files on the website. This affects versions 1 through 17.0. Website administrators should update to a fixed version of the plugin or remove it to prevent unauthorized access.
Original title
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanquish User Extra Fields wp-user-extra-fields allows Path Traversal.This issue affects User Extra F...
Original description
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanquish User Extra Fields wp-user-extra-fields allows Path Traversal.This issue affects User Extra Fields: from n/a through <= 17.0.
nvd CVSS3.1
7.7
Vulnerability type
CWE-22
Path Traversal
Published: 20 Feb 2026 · Updated: 11 Mar 2026 · First seen: 6 Mar 2026