cleantalk
Vulnerabilities and Security Researches

WP01 – Speed, Security, SEO consultant, CVE-2025-2267

CVE, Research URL

CVE-2025-2267

Home page URL

Security reports for WP01 – Speed, Security, SEO consultant

Application

WP01 – Speed, Security, SEO consultant

Published on
Mar 15, 2025
Research Description
The WP01 plugin for WordPress is vulnerable to Arbitrary File Download in all versions up to, and including, 2.6.2 due to a missing capability check and insufficient restrictions on the make_archive() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to download and read the contents of arbitrary files on the server, which can contain sensitive information.
Affected versions
Min -, max 2.6.2.
Status
vulnerable
Previous vulnerability researches
Skitter Slideshow (CVE-2022-1751) , Aug 18, 2024
Skitter Slideshow (CVE-2025-28906) , Mar 13, 2025
New vulnerability
WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto (CVE-2025-1530) , Mar 16, 2025
WordPress form builder plugin for contact forms, surveys and quizzes – Tripetto (CVE-2024-13497) , Mar 16, 2025
School Management System – WPSchoolPress (CVE-2025-1670) , Mar 16, 2025
School Management System – WPSchoolPress (CVE-2025-1667) , Mar 16, 2025
School Management System – WPSchoolPress (CVE-2025-1669) , Mar 16, 2025