CVE-2026-1557

nvd nist nuclei

Published: Feb 26, 2026Modified: Jun 17, 2026Deferred

7.5

Vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

Exploitability: 3.9 / Impact: 3.6

Source: security@wordfence.com (Secondary)

Description

The WP Responsive Images plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.0 via the 'src' parameter. This makes it possible for unauthenticated attackers to read the contents of arbitrary files on the server, which can contain sensitive information.

Related CWEs

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')

The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory.

References (7)

https://plugins.trac.wordpress.org/browser/wp-responsive-images/tags/1.0/SBOutputFile.php#L33

Source: security@wordfence.com

https://plugins.trac.wordpress.org/browser/wp-responsive-images/tags/1.0/WPResponsiveImages.php#L265

Source: security@wordfence.com

https://plugins.trac.wordpress.org/browser/wp-responsive-images/tags/1.0/image_handler.php#L28

Source: security@wordfence.com

https://plugins.trac.wordpress.org/browser/wp-responsive-images/trunk/SBOutputFile.php#L33

Source: security@wordfence.com

https://plugins.trac.wordpress.org/browser/wp-responsive-images/trunk/WPResponsiveImages.php#L265

Source: security@wordfence.com

https://plugins.trac.wordpress.org/browser/wp-responsive-images/trunk/image_handler.php#L28

Source: security@wordfence.com

https://www.wordfence.com/threat-intel/vulnerabilities/id/22c6f81b-d456-44b9-ba6c-8b207a9ee6e1?source=cve

Source: security@wordfence.com

Timeline

No history available yet.