CVE-2025-9215 | StoreEngine Plugin up to 1.5.0 on WordPress file_download path traversal

September 16, 2025 Yanac

A vulnerability identified as critical has been detected in StoreEngine Plugin up to 1.5.0 on WordPress. Impacted is the function file_download. This manipulation causes path traversal.

This vulnerability is handled as CVE-2025-9215. The attack can be initiated remotely. There is not any exploit available.VulDB Recent EntriesRead More

CVE-2025-9216 | StoreEngine Plugin up to 1.5.0 on WordPress import unrestricted upload
CVE-2025-10143 | Catch Dark Mode Plugin up to 2.0 on WordPress Shortcode catch_dark_mode file inclusion