CVE-2025-15487 WordPress — Exploit & Vulnerability Details MEDIUM

CVE-2025-15487

MEDIUM CVSS 3.1: 4.9 EPSS 0.05%

Parameter	Value
CVSS	4.9 (MEDIUM)
Type	CWE-22 (Path Traversal)
Vendor	WordPress
Public PoC	No

The Code Explorer plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.4.6 via the 'file' parameter. This makes it possible for authenticated attackers, with Administrator-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information.

Attack Parameters

Attack Vector

Network

Can be exploited remotely

Attack Complexity

Low

Easy to exploit

Privileges Required

High

Admin privileges needed

User Interaction

None

No user interaction needed

Impact Assessment

Confidentiality

High

Complete data leak

Integrity

None

No data modification

Availability

None

No disruption

CVSS Vector v3.1

Weakness Type (CWE)

CWE-22 Path Traversal

References 2

https://plugins.trac.wordpress.org/browser/code-explorer/tags/1.4.6/admin/class…

security@wordfence.com

https://www.wordfence.com/threat-intel/vulnerabilities/id/fad8ad54-56eb-40fa-a3…

security@wordfence.com

Share Post Share Share Share

Related Vulnerabilities

CVE-2026-3512

WordPress

6.1

CVE-2025-15363

WordPress

None

CVE-2026-1926

WordPress

5.3

CVE-2026-1780

WordPress

6.1

CVE-2026-2373

WordPress

5.3

Menu

CVE-2025-15487

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 2

Related Vulnerabilities

CVE-2026-3512

CVE-2025-15363

CVE-2026-1926

CVE-2026-1780

CVE-2026-2373

CVE Details

Editor's Choice

Menu

CVE-2025-15487

Attack Parameters

Impact Assessment

CVSS Vector v3.1

Weakness Type (CWE)

References 2

Related Vulnerabilities

CVE-2026-3512

CVE-2025-15363

CVE-2026-1926

CVE-2026-1780

CVE-2026-2373

CVE Details

Editor's Choice

Stay informed on cybersecurity