Platform
wordpress
Component
scape
Fixed in
1.5.17
CVE-2026-31913 describes an Arbitrary File Access vulnerability within Whitebox-Studio Scape, a WordPress plugin. This vulnerability, classified as a path traversal, allows attackers to potentially read sensitive files on the server. It impacts versions of Scape prior to 1.5.16. A patch has been released, and users are urged to upgrade.
The Arbitrary File Access vulnerability allows an attacker to bypass intended access controls and retrieve files from the server's file system. Successful exploitation could lead to the disclosure of sensitive information such as configuration files, database credentials, or even source code. Depending on the server's configuration and the files accessible, this could lead to further compromise, including code execution or data breaches. While no specific precedent is immediately apparent, path traversal vulnerabilities are frequently exploited to gain unauthorized access to critical system resources.
CVE-2026-31913 was published on 2026-03-25. The EPSS score is pending evaluation. No public proof-of-concept exploits are currently known. Monitor security advisories and threat intelligence feeds for any indications of active exploitation.
WordPress websites utilizing the Whitebox-Studio Scape plugin, particularly those running versions prior to 1.5.16, are at risk. Shared hosting environments where users have limited control over plugin configurations are also particularly vulnerable.
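• wordpress / composer / npm:
grep -rF "../" /var/www/html/wp-content/plugins/scape/* # -F matches "../" literally instead of as a regex
• generic web:
curl --path-as-is -I 'http://your-wordpress-site.com/wp-content/plugins/scape/../../../../etc/passwd' # Check for unauthorized file access; --path-as-is stops curl from collapsing the ../ segments before sending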
Exploit status
EPSS
0.06% (20th percentile)
CVSS vector
The primary mitigation for CVE-2026-31913 is to upgrade Whitebox-Studio Scape to version 1.5.16 or later. If immediate upgrading is not possible due to compatibility issues or downtime constraints, consider implementing temporary workarounds such as restricting file access permissions on the server and implementing a Web Application Firewall (WAF) with rules to block suspicious path traversal attempts. Monitor access logs for unusual file requests and implement stricter input validation to prevent malicious path manipulation. After upgrading, confirm the vulnerability is resolved by attempting a path traversal request and verifying that access is denied.
Update to version 1.5.16, or a newer patched version
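A log check for the "monitor access logs" step above, as an added example (not code from this advisory or from the plugin vendor). It assumes the Apache/nginx combined log format and only inspects requests whose URL names the plugin directory, because the page does not name the affected endpoint; the sample log lines are constructed.

```python
import re
from urllib.parse import unquote

# Assumption: Apache/nginx "combined" access-log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<url>\S+) [^"]*" (?P<status>\d{3}) ')
PLUGIN_DIR = "/wp-content/plugins/scape/"  # plugin path as written on this page
# ".." used as a whole path segment or parameter value, not as part of "1..2".
TRAVERSAL_RE = re.compile(r'(?:^|[/\\=&?])\.\.(?:[/\\]|$)')

def fully_decode(url, max_rounds=3):
    """Percent-decode repeatedly so single and double encoding both normalise."""
    for _ in range(max_rounds):
        decoded = unquote(url)
        if decoded == url:
            break
        url = decoded
    return url

def is_suspicious(url):
    """True when a request to the plugin directory carries a ../ segment."""
    decoded = fully_decode(url).lower()
    return PLUGIN_DIR in decoded and bool(TRAVERSAL_RE.search(decoded))

def scan(lines):
    """Return (ip, timestamp, status, raw_url) for every suspicious log line."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and is_suspicious(m["url"]):
            hits.append((m["ip"], m["ts"], m["status"], m["url"]))
    return hits

# Constructed sample lines (documentation IP ranges, invented file names).
SAMPLE_LOG = [
    '192.0.2.10 - - [25/Mar/2026:10:01:02 +0000] "GET /wp-content/plugins/scape/style.css HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [25/Mar/2026:10:02:11 +0000] "GET /wp-content/plugins/scape/../../../../etc/passwd HTTP/1.1" 403 199 "-" "curl/8.5.0"',
    '198.51.100.7 - - [25/Mar/2026:10:02:14 +0000] "GET /wp-content/plugins/scape/%252e%252e%252f%252e%252e%252fetc%252fpasswd HTTP/1.1" 404 162 "-" "curl/8.5.0"',
    '203.0.113.5 - - [25/Mar/2026:10:03:40 +0000] "GET /wp-content/plugins/scape/readme.txt?ver=1..2 HTTP/1.1" 200 812 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, ts, status, url in scan(SAMPLE_LOG):
        print(f"{ts} {ip} status={status} {url}")
```

A 200 status on a flagged line deserves immediate follow-up, since it suggests the request was served rather than rejected.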
CVE-2026-31913 is a path traversal vulnerability in Whitebox-Studio Scape allowing attackers to read files outside the intended directory. It has a HIGH severity rating (CVSS: 8.6).
You are affected if you are using Whitebox-Studio Scape versions prior to 1.5.16. Upgrade immediately to mitigate the risk.
Upgrade Whitebox-Studio Scape to version 1.5.16 or later. As a temporary workaround, implement a WAF rule to block path traversal attempts.
There is currently no indication of active exploitation campaigns targeting CVE-2026-31913, but vigilance is advised.
Refer to the Whitebox-Studio website and WordPress plugin repository for the latest advisory and update information regarding CVE-2026-31913.