Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.7
CVE-2018-25326: Google Drive for WordPress allows unauthorized access to sensitive files
CVE-2018-25326
Summary
An attacker can access sensitive files, such as configuration files, without authentication by exploiting a weakness in the way Google Drive for WordPress handles file requests. This could potentially allow unauthorized access to important information. To mitigate this risk, update to the latest version of Google Drive for WordPress.
Original title
Google Drive for WordPress 2.2 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by injecting directory traversal sequences in the file_name para...
Original description
Google Drive for WordPress 2.2 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by injecting directory traversal sequences in the file_name parameter. Attackers can send POST requests to gdrive-ajaxs.php with the ajaxstype parameter set to del_fl_bkp and file_name containing traversal sequences ../../wp-config.php to access sensitive configuration files.
nvd CVSS3.1
7.5
nvd CVSS4.0
8.7
Vulnerability type
CWE-22
Path Traversal
Published: 17 May 2026 · Updated: 30 May 2026 · First seen: 17 May 2026