Severity
High
Analysis Summary
CVE-2025-30567 CVSS:7.5
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in wp01ru WP01 allows Path Traversal. This issue affects WP01: from n/a through 2.6.2.
CVE-2025-28904 CVSS:9.3
Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') vulnerability in Shamalli Web Directory Free allows Blind SQL Injection. This issue affects Web Directory Free: from n/a through 1.7.6.
Impact
- Data Manipulation
- Gain Access
Indicators of Compromise
CVE
CVE-2025-30567
CVE-2025-28904
Affected Vendors
- WordPress
Affected Products
- wp01ru WP01 - n/a
- Shamalli Web Directory Free - n/a
Remediation
Update the Wordpress plugin to the latest available version.