This vulnerability (CVE-2024-49258) in the Limbcode WordPress Gallery Plugin – Limb Image Gallery allows an attacker with low privileges to perform a path traversal attack using the '.../...//' sequence. This can potentially expose sensitive files outside the intended directory scope. The issue affects all versions up to 1.5.7. The CVSS 3.1 vector indicates the attack can be performed remotely over the network with low complexity and no user interaction, impacting confidentiality but not integrity or availability. No known exploits are reported in the wild, and no patch or official fix has been referenced.

Successful exploitation could allow an attacker to read sensitive files on the server by traversing directories, leading to a confidentiality breach. There is no indication of impact on data integrity or service availability. The vulnerability requires low privileges but no user interaction, making it moderately risky in environments where the plugin is installed and accessible.

Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is released, consider restricting access to the plugin's file handling features or applying web application firewall (WAF) rules to detect and block path traversal patterns such as '.../...//'. Monitor for vendor updates and apply patches promptly once available.