Path Traversal Vulnerability in Upload Files Anywhere Plugin by Vanquish
CVE-2025-69379

8.6HIGH

Key Information:

Vendor: WordPress
Status: Upload Files Anywhere
Vendor: CVE Published:; 20 February 2026

What is CVE-2025-69379?

A vulnerability has been identified in the Upload Files Anywhere plugin, developed by Vanquish, which permits attackers to exploit improper limitations on filenames, resulting in path traversal scenarios. This flaw enables unauthorized access to files in restricted directories, potentially allowing malicious users to manipulate the file system of the hosting server. Websites utilizing versions of this plugin up to 2.8 are particularly at risk, as they may inadvertently permit attackers to read sensitive files or execute unintended commands.

Affected Version(s)

Upload Files Anywhere 0 <= 2.8

References

https://patchstack.com/database/Wordpress/Plugin/wp-uploa...

vdb-entry

CVSS V3.1

Score:

8.6

Severity:

HIGH

Confidentiality:

None

Integrity:

None

Availability:

None

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Feb 20, 2026
Vulnerability Reserved
Dec 31, 2025

Credit

Phat RiO | Patchstack Bug Bounty Program

CVE-2025-69379 Data

JSON

WordPress

What is CVE-2025-69379?

Affected Version(s)

References

CVSS V3.1

Timeline

Credit