CVE-2025-28955

High CVSS 7.5

Overview

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in FWDesign Easy Video Player Wordpress & WooCommerce allows Path Traversal. This issue affects Easy Video Player Wordpress & WooCommerce: from n/a through 10.0.

CWE: CWE-22 Published: 2025-07-16T12:15:23.803

Risk analysis

This vulnerability is rated 🟠 HIGH.

CVSS: 7.5 (HIGH)
Detected tags: path, wordpress (tag impact: MODERATE)

Recommended actions:

Canonicalize path; block `..` traversal; use allowlists.

Overview

Recommended tools

Tags