Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.6
Vanquish Upload Files Anywhere Fails to Secure File Uploads
CVE-2025-69379
Summary
An attacker can upload files to any location on the server, potentially allowing them to steal sensitive data or take control of the server. This affects Upload Files Anywhere versions up to 2.8. Update to the latest version to fix the issue.
Original title
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanquish Upload Files Anywhere wp-upload-files-anywhere allows Path Traversal.This issue affects Uplo...
Original description
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanquish Upload Files Anywhere wp-upload-files-anywhere allows Path Traversal.This issue affects Upload Files Anywhere: from n/a through <= 2.8.
nvd CVSS3.1
8.6
Vulnerability type
CWE-22
Path Traversal
Published: 20 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026