Platform
wordpress
Component
scape
Fixed in
1.5.17
CVE-2026-31913 describes an Arbitrary File Access vulnerability within Whitebox-Studio Scape, a WordPress plugin. This vulnerability, classified as a path traversal, allows attackers to potentially read sensitive files on the server. It impacts versions of Scape prior to 1.5.16. A patch has been released, urging users to upgrade.
The Arbitrary File Access vulnerability in Scape allows an attacker to bypass intended access restrictions and read files outside of the intended directory. This could expose sensitive data such as configuration files, database credentials, or even source code. Successful exploitation could lead to complete compromise of the WordPress installation and the underlying server. The impact is amplified if the server hosts other sensitive applications or data. This vulnerability shares similarities with other path traversal exploits where attackers manipulate file paths to access unauthorized resources.
CVE-2026-31913 was publicly disclosed on 2026-03-25. There is currently no indication of active exploitation campaigns targeting this vulnerability. The EPSS score is pending evaluation. No public proof-of-concept exploits have been released at this time.
Exploit Status
EPSS
0.06% (20% percentile)
CVSS Vector
The primary mitigation for CVE-2026-31913 is to immediately upgrade Whitebox-Studio Scape to version 1.5.16 or later. If an immediate upgrade is not feasible due to compatibility issues or testing requirements, consider implementing a Web Application Firewall (WAF) rule to block requests containing path traversal sequences (e.g., ../). Additionally, restrict file permissions on the Scape plugin directory to prevent unauthorized access. Monitor WordPress access logs for suspicious file access attempts.
Update to version 1.5.16, or a newer patched version
Vulnerability analysis and critical alerts directly to your inbox.
CVE-2026-31913 is a path traversal vulnerability in Whitebox-Studio Scape allowing attackers to read files outside the intended directory. It has a HIGH severity rating (CVSS: 8.6).
You are affected if you are using Whitebox-Studio Scape versions prior to 1.5.16. Upgrade immediately to mitigate the risk.
Upgrade Whitebox-Studio Scape to version 1.5.16 or later. As a temporary workaround, implement a WAF rule to block path traversal attempts.
There is currently no indication of active exploitation campaigns targeting CVE-2026-31913, but vigilance is advised.
Refer to the Whitebox-Studio website and WordPress plugin repository for the latest advisory and update information regarding CVE-2026-31913.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.
Upload your dependency file and we'll tell you instantly if this and other CVEs hit you.