CVE-2018-25326

Voidly

NIST · via Voidly Atlas

CVE-2018-25326

This is the agency's own public-domain data, curated and made citable by Voidly. Voidly adds no independent claim — always verify against the linked canonical source.

cve id

CVE-2018-25326

published

2026-05-17T13:16:44.050

last modified

2026-05-17T13:16:44.050

status

Received

description

Google Drive for WordPress 2.2 contains a path traversal vulnerability that allows unauthenticated attackers to read arbitrary files by injecting directory traversal sequences in the file_name parameter. Attackers can send POST requests to gdrive-ajaxs.php with the ajaxstype parameter set to del_fl_bkp and file_name containing traversal sequences ../../wp-config.php to access sensitive configuration files.

cvss score

7.5

cvss severity

HIGH

cvss vector

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N

cwes

CWE-22

cpe count

0

Verify at NIST National Vulnerability Database ↗

Cite this record

CVE-2018-25326 — HIGH. NIST, via Voidly Atlas — Surveillance & Digital-Rights Watch. Retrieved 2026-06-07, https://voidly.ai/atlas/federal/nvd-cves/CVE-2018-25326

@misc{voidly_nvd_cves_CVE201825326,
  title        = {CVE-2018-25326 — HIGH},
  author       = {{Voidly}},
  howpublished = {\url{https://voidly.ai/atlas/federal/nvd-cves/CVE-2018-25326}},
  note         = {Source: NIST National Vulnerability Database, https://nvd.nist.gov/vuln/detail/CVE-2018-25326. Public domain (17 U.S.C. §105); re-surfaced under CC BY 4.0},
  urldate      = {2026-06-07},
  year         = {2026}
}

Also available as JSON/BibTeX/APA: API record. Source data is U.S. federal public domain (17 U.S.C. §105). Re-surfaced by Voidly under CC BY 4.0.