Path Traversal Vulnerability in A/B Image Optimizer Plugin by Zach Swetz
CVE-2025-25163

9.8CRITICAL

Key Information:

Vendor: Zach Swetz
Status: Plugin A/b Image Optimizer
Vendor: CVE Published:; 7 February 2025

Badges

👾 Exploit Exists🟡 Public PoC

Summary

A path traversal vulnerability has been identified in the A/B Image Optimizer plugin developed by Zach Swetz. This flaw allows attackers to access files outside the intended directory structure by manipulating file paths, potentially leading to unauthorized access to sensitive data on the server. Users of the affected plugin versions are advised to apply necessary security measures and consider updating to mitigate potential risks associated with this vulnerability.

Affected Version(s)

Plugin A/B Image Optimizer <= 3.3

Exploit Proof of Concept (PoC)

PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.

CVE-2025-25163
Created by RandomRobbieBF

References

https://patchstack.com/database/wordpress/plugin/images-o...

vdb-entry

CVSS V3.1

Score:

9.8

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Unchanged

Timeline

🟡
Public PoC available
Feb 18, 2025
👾
Exploit known to exist
Feb 18, 2025
Vulnerability published
Feb 7, 2025
Vulnerability Reserved
Feb 3, 2025

Credit

LVT-tholv2k (Patchstack Alliance)