CVE-2025-32671: 
WordPress vulnerability analysis and mitigation

The Print Science Designer WordPress plugin, versions up to 1.3.155, contains a path traversal vulnerability (CVE-2025-32671) that was discovered and reported by security researcher 0xd4rk5id3. The vulnerability was disclosed on April 9, 2025, and allows unauthenticated attackers to perform arbitrary file downloads (Patchstack).

The vulnerability is classified as a path traversal issue (CWE-22) with a CVSS v3.1 score of 7.5 (High). The attack vector is network-accessible (AV:N), requires low attack complexity (AC:L), needs no privileges (PR:N), requires no user interaction (UI:N), has unchanged scope (S:U), and can result in high confidentiality impact (C:H) with no impact on integrity (I:N) or availability (A:N) (NVD).

This vulnerability could allow malicious actors to download any file from the affected website, including sensitive files containing login credentials or backup files. The high CVSS score of 7.5 indicates that this vulnerability is considered highly dangerous and is expected to become mass exploited (Patchstack).

As of the latest reports, no official fix is available for this vulnerability. Patchstack has issued a virtual patch to mitigate the issue by blocking potential attacks until an official fix becomes available. Website administrators are advised to implement the virtual patch immediately or consider alternative security measures (Patchstack).