CVE-2025-9344: Wp Userswp Csv Import Path Traversal
Missing path traversal and bounds validation on imported metadata fields. Indiscriminately sanitizing file path columns as plain text allows directory traversal sequences to be saved safely against the user's metadata, later triggering arbitrary file deletion or other logic flaws on access.
Provally CuratedPublic repositoryHighMedium confidenceVerifiedApache-2.0
PHPβ
PHPβgreprules fetch cve-2025-9344-wp-userswp-csv-import-path-traversal --engine opengrepDescription
Missing path traversal and bounds validation on imported metadata fields. Indiscriminately sanitizing file path columns as plain text allows directory traversal sequences to be saved safely against the user's metadata, later triggering arbitrary file deletion or other logic flaws on access.
Community feedback
0 signals from signed-in users.
- Useful
- 0
- False positive
- 0
- Metadata
- 0