CVE-2025-30567
published 2025-03-25

CVE-2025-30567: Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') in the WP01 WordPress plugin (wp01), versions <= 2.6.2

Priority: P1 (79)
Severity: high, 7.5 (CVSS 3.1)
CVSS vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:N/A:N
Exploitation: exploited in the wild (listed in VulnCheck KEV)
EPSS: 2.63% (83.6th percentile)
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in WP01 WP01 wp01 allows Path Traversal. This issue affects WP01: from n/a through <= 2.6.2. The CVSS vector (C:H/I:N/A:N, PR:N) describes an unauthenticated arbitrary file read: the attacker gains confidentiality impact only, with no integrity or availability impact.

Affected (2 ranges)

Vendor   Product   Version range   Fixed in
wp01     wp01      <= 2.6.2        (not listed)
wp01ru   wp01      <= 2.6.2        (not listed)

Detection & IOCs (extracted from sources)

url: /wp-admin/admin-ajax.php?action=wp01_generate_zip_archive
path: /wp-content/wp01-backup/wp-01-passwd.zip
filename: wp-01-passwd.zip
request parameters: target=passwd&path=/etc/
  • Detect unauthenticated POST requests to the wp01_generate_zip_archive AJAX action, which triggers the path traversal. Look for the 'action=wp01_generate_zip_archive' parameter in requests to /wp-admin/admin-ajax.php.
  • Monitor for GET requests to the /wp-content/wp01-backup/ directory, especially for ZIP files; such a request indicates successful exploitation and file exfiltration.
  • The exploit uses a two-stage HTTP flow: first a POST to generate the ZIP archive, then a GET to download it. Correlate both requests from the same source IP to identify exploitation attempts.
  • The vulnerability is unauthenticated (PR:N), meaning no WordPress login is required to exploit it. Detection rules should not filter out unauthenticated requests to the AJAX endpoint.
  • Affected versions are WP01 up to and including 2.6.2. Version 2.6.3 and later contain the fix; ensure detections are scoped to vulnerable plugin versions where version fingerprinting is possible.
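The two-stage correlation described above, implemented as an added example over web-server access logs. This is illustrative code written for this page, not a detection rule from the source or from any vendor. It assumes logs in the Apache/nginx "combined" format and that the action parameter appears in the query string (as in the IOC URL above); the log lines are constructed samples, and the ten-minute correlation window is an assumed tuning value.

```python
import re
from datetime import datetime, timedelta

# Apache/nginx "combined" format: ip ident user [time] "METHOD target HTTP/x" status size "referer" "ua"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)
TS_FMT = "%d/%b/%Y:%H:%M:%S %z"

AJAX_ENDPOINT = "/wp-admin/admin-ajax.php"
AJAX_ACTION = "wp01_generate_zip_archive"   # from the IOC list above
BACKUP_DIR = "/wp-content/wp01-backup/"     # from the IOC list above

# Constructed sample log (not real traffic). Line 1+2: full two-stage flow from one IP.
# Line 3: lone GET on the backup dir from another IP. Line 4: benign AJAX action.
SAMPLE_LOG = [
    '203.0.113.5 - - [26/Mar/2025:10:14:02 +0000] "POST /wp-admin/admin-ajax.php?action=wp01_generate_zip_archive HTTP/1.1" 200 48 "-" "python-requests/2.31"',
    '203.0.113.5 - - [26/Mar/2025:10:14:05 +0000] "GET /wp-content/wp01-backup/wp-01-passwd.zip HTTP/1.1" 200 1337 "-" "python-requests/2.31"',
    '198.51.100.9 - - [26/Mar/2025:10:20:00 +0000] "GET /wp-content/wp01-backup/site-2025.zip HTTP/1.1" 404 0 "-" "Mozilla/5.0"',
    '192.0.2.7 - - [26/Mar/2025:10:21:11 +0000] "POST /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 20 "-" "Mozilla/5.0"',
]


def parse_line(line):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if not m:
        return None
    req = m.groupdict()
    req["ts"] = datetime.strptime(req["ts"], TS_FMT)
    req["status"] = int(req["status"])
    req["path"], _, req["query"] = req["target"].partition("?")
    return req


def is_stage1(req):
    """Stage 1: POST to admin-ajax.php invoking the vulnerable action (no auth needed, PR:N)."""
    return (req["method"] == "POST"
            and req["path"] == AJAX_ENDPOINT
            and f"action={AJAX_ACTION}" in req["query"])


def is_stage2(req):
    """Stage 2: GET of a ZIP from the plugin's backup directory (exfiltration of the archive)."""
    return (req["method"] == "GET"
            and req["path"].startswith(BACKUP_DIR)
            and req["path"].lower().endswith(".zip"))


def detect(lines, window=timedelta(minutes=10)):
    """Return alerts; a stage-2 GET within `window` of a stage-1 POST from the same IP is high severity."""
    alerts = []
    last_stage1 = {}  # source ip -> timestamp of its most recent stage-1 request
    for line in lines:
        req = parse_line(line)
        if req is None:
            continue
        if is_stage1(req):
            last_stage1[req["ip"]] = req["ts"]
            alerts.append({"ip": req["ip"], "stage": "generate", "severity": "medium",
                           "ts": req["ts"], "status": req["status"]})
        elif is_stage2(req):
            t1 = last_stage1.get(req["ip"])
            correlated = t1 is not None and timedelta(0) <= req["ts"] - t1 <= window
            if correlated:
                # A 200 on the download means the archive existed and left the server.
                severity = "high" if req["status"] == 200 else "medium"
                stage = "download"
            else:
                severity, stage = "low", "download-uncorrelated"
            alerts.append({"ip": req["ip"], "stage": stage, "severity": severity,
                           "ts": req["ts"], "status": req["status"], "path": req["path"]})
    return alerts


if __name__ == "__main__":
    for a in detect(SAMPLE_LOG):
        print(a["severity"].upper(), a["ip"], a["stage"], a.get("path", ""))
```

Two caveats for deployment: if the exploit sends `action` in the POST body rather than the query string, a plain access log never sees it, so stage 1 must come from a WAF, ModSecurity audit log or request-body logging, and the lone stage-2 rule (any ZIP fetched from /wp-content/wp01-backup/) becomes the primary signal. Also keep the stage-1 match even for unauthenticated clients with no WordPress cookie, since the CVSS vector is PR:N.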