Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
7.5
WP Responsive Images plugin allows attackers to read server files
CVE-2026-1557
Summary
The WP Responsive Images plugin for WordPress contains a security flaw that lets unauthorized attackers read sensitive files on the server. This could expose confidential information. Update to the latest version to fix the issue.
Original title
The WP Responsive Images plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.0 via the 'src' parameter. This makes it possible for unauthenticated attackers...
Original description
The WP Responsive Images plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.0 via the 'src' parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.
nvd CVSS3.1
7.5
Vulnerability type
CWE-22
Path Traversal
- https://plugins.trac.wordpress.org/browser/wp-responsive-images/tags/1.0/SBOutpu...
- https://plugins.trac.wordpress.org/browser/wp-responsive-images/tags/1.0/WPRespo...
- https://plugins.trac.wordpress.org/browser/wp-responsive-images/tags/1.0/image_h...
- https://plugins.trac.wordpress.org/browser/wp-responsive-images/trunk/SBOutputFi...
- https://plugins.trac.wordpress.org/browser/wp-responsive-images/trunk/WPResponsi...
- https://plugins.trac.wordpress.org/browser/wp-responsive-images/trunk/image_hand...
- https://www.wordfence.com/threat-intel/vulnerabilities/id/22c6f81b-d456-44b9-ba6...
Published: 26 Feb 2026 · Updated: 12 Mar 2026 · First seen: 6 Mar 2026