CVE-2025-24605: 
WordPress vulnerability analysis and mitigation

A Path Traversal vulnerability (CVE-2025-24605) was discovered in the WordPress WOLF plugin affecting versions up to 1.0.8.5. The vulnerability was reported by Trương Hữu Phúc on November 27, 2024, and was publicly disclosed by Patchstack on December 29, 2024. The vulnerability allows for improper limitation of pathname to restricted directories in the realmag777 WOLF plugin (Patchstack).

The vulnerability is classified as a Path Traversal (CWE-22) issue with a CVSS v3.1 base score of 4.9 (Medium) and vector string CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N. The vulnerability requires Editor privileges to exploit and affects the plugin's directory handling mechanisms (Patchstack, NVD).

The vulnerability has been assessed as moderately dangerous with a CVSS score of 7.5, indicating potential for significant impact. If exploited, it could allow attackers with Editor privileges to traverse directory paths, potentially accessing unauthorized files on the system (Patchstack).

Users are advised to update to version 1.0.8.6 or later which contains the fix for this vulnerability. For immediate protection, Patchstack has issued a virtual patch to mitigate this issue by blocking potential attacks until users can update to the fixed version (Patchstack).