HIGH · CVE-2025-31050 · CVSS 7.5

CVE-2025-31050: Arbitrary File Access in Apptha Slider Gallery

Platform

wordpress

Component

apptha-slider-gallery

Fixed in

2.5.4

AI Confidence: high · NVD · EPSS 0.1% · Reviewed: May 2026

CVE-2025-31050 describes an Arbitrary File Access vulnerability in the Apptha Slider Gallery WordPress plugin. By supplying path traversal sequences in a file path the plugin opens, an unauthenticated attacker can read files on the server that the web server process has access to. Versions of Apptha Slider Gallery from 0.0.0 up to and including 2.5 are affected. A patch has been released in version 2.5.4.


Impact and Attack Scenarios

The vulnerability lets an unauthenticated attacker bypass the plugin's intended path restriction and read arbitrary files that the web server process can open. On a WordPress site this typically means wp-config.php, which holds the database credentials and authentication salts, along with other configuration files and plugin or theme source code. Leaked database credentials or salts can be leveraged into further compromise of the site, and of other systems the server can reach, but the bug itself is read-only: the CVSS vector records no integrity or availability impact. Because exploitation requires nothing more than crafting a path in a request, the risk is significant even on sites with otherwise default configurations.

Exploitation Context

CVE-2025-31050 was publicly disclosed on 2025-06-09. No public proof-of-concept exploit is currently known and the EPSS score is low (0.13%), but path traversal bugs are trivial to exploit and are routinely probed by automated scanners, so unpatched internet-facing installs should expect to be tested. It is not currently listed on CISA KEV.

Threat Intelligence

Exploit Status

Proof of Concept: Unknown
CISA KEV: No
Internet Exposure: High

EPSS

0.13% (32% percentile)

CISA SSVC

Exploitation: none
Automatable: yes
Technical Impact: partial

CVSS Vector

CVSS 3.1 vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Base score: 7.5 (HIGH) · nextguardhq.com · CVSS v3.1 Base Score
What do these metrics mean?
Attack Vector
Network — remotely exploitable over the internet. No physical or local access required. Widest attack surface.
Attack Complexity
Low — no special conditions required. Attacker can exploit reliably without depending on rare configurations or timing.
Privileges Required
None — unauthenticated. No login or credentials needed to exploit.
User Interaction
None — attack is automatic and silent. Victim does nothing: no click, no file open.
Scope
Unchanged — impact is limited to the vulnerable component itself.
Confidentiality
High — confidentiality loss is scored as complete. In practice the attacker can read any file the web server user can open, which on WordPress includes wp-config.php with the database credentials and salts.
Integrity
None — no integrity impact. Attacker cannot modify data.
Availability
None — no availability impact. Service remains fully operational.

Affected Software

Component: apptha-slider-gallery
Vendor: appthaplugins
Affected range: 0.0.0 – 2.5
Fixed in: 2.5.4

Weakness Classification (CWE)

Timeline

  1. Reserved
  2. Published (2025-06-09)
  3. Modified
  4. EPSS updated

Mitigation and Workarounds

The primary mitigation for CVE-2025-31050 is to upgrade the Apptha Slider Gallery plugin to version 2.5.4 or later immediately. If upgrading is not immediately feasible because of compatibility or testing requirements, add a Web Application Firewall (WAF) rule that blocks requests containing path traversal sequences; make sure it matches URL-encoded and double-encoded forms (%2e%2e%2f, %252e%252e%252f) and backslash variants, not only the literal ../. Run the web server as a dedicated low-privilege user and review file permissions so that nothing beyond what the site needs is readable by that user. Note that permissions cannot protect wp-config.php from this class of bug, since the web server must be able to read it: if access logs show a traversal request for it that returned 200, treat the database credentials and salts as exposed and rotate them. Monitor web server access logs for traversal attempts in both plain and encoded form.
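The log-monitoring step above is easy to get wrong if the check only looks for a literal "../", because scanners routinely send percent-encoded or double-encoded sequences. The following is an added example (not code from the page or from the plugin vendor) that parses combined-format access log lines, decodes the request target repeatedly until it stops changing, and reports every request that contained a traversal sequence, flagging those the server answered with 200. The log lines are constructed for the example, and the ?file= and ?f= parameter names are placeholders, not the plugin's real parameter.

```python
import re
from urllib.parse import unquote

# Constructed sample lines in combined log format. They are made up for this
# example; the ?file= / ?f= parameter names are placeholders, not the plugin's.
SAMPLE_LOG = """\
203.0.113.7 - - [09/Jun/2025:10:01:12 +0000] "GET /wp-content/plugins/apptha-slider-gallery/ HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [09/Jun/2025:10:01:13 +0000] "GET /wp-content/plugins/apptha-slider-gallery/?file=../../../../wp-config.php HTTP/1.1" 200 3201 "-" "curl/8.0"
198.51.100.9 - - [09/Jun/2025:10:02:40 +0000] "GET /index.php?f=..%2f..%2fetc%2fpasswd HTTP/1.1" 404 0 "-" "python-requests/2.31"
198.51.100.9 - - [09/Jun/2025:10:02:41 +0000] "GET /index.php?f=%252e%252e%252fwp-config.php HTTP/1.1" 404 0 "-" "python-requests/2.31"
192.0.2.5 - - [09/Jun/2025:10:03:00 +0000] "GET /wp-content/uploads/2025/06/photo.jpg HTTP/1.1" 200 80000 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

# "dot dot" followed by a forward or back slash, or at the very end of the target
TRAVERSAL_RE = re.compile(r'\.\.(?:[/\\]|$)')


def normalize(target, max_rounds=3):
    """Percent-decode until the string stops changing (bounded), so that a
    double-encoded %252e%252e%252f is unwrapped to ../, then map backslashes
    to forward slashes so Windows-style ..\\ is caught by the same regex."""
    current = target
    for _ in range(max_rounds):
        decoded = unquote(current)
        if decoded == current:
            break
        current = decoded
    return current.replace('\\', '/')


def is_traversal(target):
    """True if the normalized request target contains a ../ sequence."""
    return TRAVERSAL_RE.search(normalize(target)) is not None


def scan(log_text):
    """Return one record per request whose target contains a traversal
    sequence. 'served' is True when the server answered 200, i.e. the
    request was not rejected and the file may actually have been returned."""
    hits = []
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined format
        target = m.group('target')
        if is_traversal(target):
            hits.append({
                'ip': m.group('ip'),
                'time': m.group('ts'),
                'status': int(m.group('status')),
                'target': target,
                'normalized': normalize(target),
                'served': m.group('status') == '200',
            })
    return hits


if __name__ == '__main__':
    for hit in scan(SAMPLE_LOG):
        flag = 'SERVED ' if hit['served'] else 'blocked'
        print(f"{flag} {hit['ip']} {hit['time']} {hit['normalized']}")
```

Run it against a real access log by replacing SAMPLE_LOG with the file contents. The bounded decode loop matters: a single unquote() misses double encoding, while an unbounded loop can be kept busy by a request that is deliberately encoded many times over.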

How to fix

Update the Apptha Slider Gallery plugin to version 2.5.4 or higher to fix the path traversal vulnerability. The update corrects the inadequate path limitation so that the plugin only opens files inside its intended directory. Treat any installed version below 2.5.4 as unpatched.
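The page does not show the plugin's code, so the following is an added illustration of the general pattern behind a fix like this, written in Python rather than the plugin's PHP and not taken from the vendor's patch: the vulnerable form joins a user-supplied name onto a base directory and opens the result, while the hardened form resolves both sides with realpath and refuses anything that does not stay inside the base directory. The directory tree, file names and contents are constructed for the example.

```python
import os
import tempfile


class UnsafePath(ValueError):
    """Raised when a user-supplied name resolves outside the allowed directory."""


def naive_path(base_dir, user_name):
    """The vulnerable pattern: trust the name and join it onto the base directory.
    A name such as ../wp-config.php, or an absolute path, walks out of base_dir."""
    return os.path.join(base_dir, user_name)


def safe_path(base_dir, user_name):
    """The hardened pattern: resolve symlinks and '..' on both sides with realpath,
    then require the result to still sit inside the base directory."""
    base = os.path.realpath(base_dir)
    candidate = os.path.realpath(os.path.join(base, user_name))
    # commonpath() is base only when candidate is base itself or a descendant.
    # A plain startswith() check would wrongly accept /srv/gallery-private
    # for base /srv/gallery.
    if os.path.commonpath([base, candidate]) != base:
        raise UnsafePath(f"{user_name!r} resolves to {candidate!r}, outside {base!r}")
    return candidate


def read_gallery_file(base_dir, user_name, resolver):
    """Open a file through the given resolver and return its bytes."""
    with open(resolver(base_dir, user_name), 'rb') as fh:
        return fh.read()


def demo():
    """Build a throwaway tree (constructed for this example) and run both
    resolvers against a legitimate name, a ../ escape and an absolute path.
    Returns the outcomes keyed by resolver and case."""
    with tempfile.TemporaryDirectory() as root:
        gallery = os.path.join(root, 'gallery')
        os.makedirs(gallery)
        with open(os.path.join(gallery, 'slide1.jpg'), 'wb') as fh:
            fh.write(b'JPEGDATA')
        config = os.path.join(root, 'wp-config.php')
        with open(config, 'wb') as fh:
            fh.write(b"<?php define('DB_PASSWORD', 'example-only');")

        results = {}
        for label, resolver in (('naive', naive_path), ('safe', safe_path)):
            results[label + '_legit'] = read_gallery_file(gallery, 'slide1.jpg', resolver)
            for case, name in (('dotdot', '../wp-config.php'), ('absolute', config)):
                try:
                    results[f'{label}_{case}'] = read_gallery_file(gallery, name, resolver)
                except UnsafePath:
                    results[f'{label}_{case}'] = 'blocked'
        return results


if __name__ == '__main__':
    for key, value in demo().items():
        print(f'{key:15} {value!r}')
```

The same idea carries over to PHP: call realpath() on the base directory and on the joined candidate, and compare the resolved candidate against the resolved base with a directory-boundary check rather than a bare prefix test. Rejecting the request before the file is opened, rather than filtering "../" out of the string, is what closes the encoded and absolute-path variants as well.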


Frequently asked questions

What is CVE-2025-31050 — Arbitrary File Access in Apptha Slider Gallery?

CVE-2025-31050 is a HIGH severity (CVSS 7.5) path traversal vulnerability in Apptha Slider Gallery that lets an unauthenticated attacker read files on the server by manipulating a file path. It affects versions 0.0.0 through 2.5.

Am I affected by CVE-2025-31050 in Apptha Slider Gallery?

Yes, if you are running Apptha Slider Gallery version 0.0.0 through 2.5. Since the fix shipped in 2.5.4, treat any installed version below 2.5.4 as unpatched and upgrade.
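To answer this question for a specific install without guessing, read the Version: header of the plugin's main file and compare it numerically against 2.5.4. The following is an added example (not the page's or the vendor's code) that does that for a wp-content/plugins directory; a string comparison would get "2.10" versus "2.5.4" wrong, so versions are compared as tuples of integers. The plugin directory is assumed to be the slug apptha-slider-gallery, and the fake plugin tree, including the file name main.php, is constructed for the example.

```python
import os
import re
import tempfile

FIXED_VERSION = '2.5.4'
PLUGIN_SLUG = 'apptha-slider-gallery'  # assumed directory name under wp-content/plugins

# WordPress plugin headers live in a comment block at the top of the main file,
# one "Key: value" per line, optionally prefixed with " * ".
HEADER_RE = re.compile(r'^\s*\*?\s*Version:\s*(?P<version>[0-9][0-9A-Za-z.\-]*)', re.MULTILINE)
NAME_RE = re.compile(r'^\s*\*?\s*Plugin Name:', re.MULTILINE)


def version_tuple(version):
    """Turn '2.5' or '2.5.4-beta1' into a tuple of ints so that
    (2, 5) < (2, 5, 4) and (2, 10) > (2, 9). Non-numeric suffixes are dropped."""
    parts = []
    for piece in version.split('.'):
        m = re.match(r'\d+', piece)
        if not m:
            break
        parts.append(int(m.group()))
    return tuple(parts) or (0,)


def is_vulnerable(version, fixed=FIXED_VERSION):
    """Anything below the fixed release is treated as unpatched."""
    return version_tuple(version) < version_tuple(fixed)


def find_plugin_version(plugins_dir, slug=PLUGIN_SLUG):
    """Locate the plugin's main file (the top-level .php whose header block has a
    Plugin Name: line) and return its Version: header, or None if not installed."""
    plugin_dir = os.path.join(plugins_dir, slug)
    if not os.path.isdir(plugin_dir):
        return None
    for entry in sorted(os.listdir(plugin_dir)):
        if not entry.endswith('.php'):
            continue
        path = os.path.join(plugin_dir, entry)
        with open(path, 'r', encoding='utf-8', errors='replace') as fh:
            head = fh.read(8192)  # WordPress itself only reads the first 8 KB for headers
        if NAME_RE.search(head):
            m = HEADER_RE.search(head)
            return m.group('version') if m else None
    return None


def check_install(plugins_dir):
    """Report whether the plugin is installed, its version, and whether it is below 2.5.4."""
    version = find_plugin_version(plugins_dir)
    if version is None:
        return {'installed': False, 'version': None, 'vulnerable': False}
    return {'installed': True, 'version': version, 'vulnerable': is_vulnerable(version)}


def demo():
    """Construct a fake wp-content/plugins tree holding a 2.5 install and check it."""
    header = "<?php\n/*\nPlugin Name: Apptha Slider Gallery\nVersion: 2.5\n*/\n"
    with tempfile.TemporaryDirectory() as root:
        plugin_dir = os.path.join(root, 'plugins', PLUGIN_SLUG)
        os.makedirs(plugin_dir)
        with open(os.path.join(plugin_dir, 'helpers.php'), 'w') as fh:
            fh.write("<?php // a support file with no plugin header\n")
        with open(os.path.join(plugin_dir, 'main.php'), 'w') as fh:  # file name assumed
            fh.write(header)
        return check_install(os.path.join(root, 'plugins'))


if __name__ == '__main__':
    print(demo())
    # For a real site: print(check_install('/var/www/html/wp-content/plugins'))
```

Point check_install() at the real wp-content/plugins directory of the site; a result with vulnerable set to True means the install is below 2.5.4 and needs the upgrade.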

How do I fix CVE-2025-31050 in Apptha Slider Gallery?

Upgrade Apptha Slider Gallery to version 2.5.4 or later. Consider WAF rules to block path traversal attempts as an interim measure.

Is CVE-2025-31050 being actively exploited?

There is no evidence of active exploitation: no public exploit is currently known, it is not on CISA KEV, and the EPSS score is 0.13%. Path traversal is nonetheless simple to exploit and routinely scanned for, so treat exposed unpatched installs as at risk.

Where can I find the official Apptha Slider Gallery advisory for CVE-2025-31050?

Refer to the Apptha website or WordPress plugin repository for the official advisory and update information.
