Skip to main content
Radar
DashboardThreatsMapFeedsAPI
reconnecting

CVE-2025-48158: CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in Alex Githatu BuddyPress XProfile Custom Image Field

High
VulnerabilityCVE-2025-48158cvecve-2025-48158cwe-22
Published: Wed Aug 20 2025 (08/20/2025, 08:03:31 UTC)
Source: CVE Database V5
Vendor/Project: Alex Githatu
Product: BuddyPress XProfile Custom Image Field

Description

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Alex Githatu BuddyPress XProfile Custom Image Field allows Path Traversal. This issue affects BuddyPress XProfile Custom Image Field: from n/a through 3.0.1.

Technical Details

Data Version
5.1
Assigner Short Name
Patchstack
Date Reserved
2025-05-15T18:02:03.511Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 68a584b3ad5a09ad0002e2ad

Added to database: 8/20/2025, 8:17:55 AM

Last updated: 8/20/2025, 8:17:55 AM

Views: 1

Related Threats

CVE-2025-55715: CWE-201 Insertion of Sensitive Information Into Sent Data in Themeisle Otter - Gutenberg Block

High
VulnerabilityWed Aug 20 2025

CVE-2025-54750: CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') in FunnelKit Funnel Builder by FunnelKit

High
VulnerabilityWed Aug 20 2025

CVE-2025-54735: CWE-266 Incorrect Privilege Assignment in Emraan Cheema CubeWP Framework

High
VulnerabilityWed Aug 20 2025

CVE-2025-54726: CWE-89 Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') in Miguel Useche JS Archive List

Critical
VulnerabilityWed Aug 20 2025

CVE-2025-54713: CWE-288 Authentication Bypass Using an Alternate Path or Channel in magepeopleteam Taxi Booking Manager for WooCommerce

Critical
VulnerabilityWed Aug 20 2025

Actions

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats