CVE-2026-6670

MEDIUM 6.5

Media Sync <= 1.4.9 - Authenticated (Author+) Path Traversal via 'sub_dir' and 'media_items' Parameters

CVSS Score

6.5

EPSS Score

0.0%

EPSS Percentile

0th

The Media Sync plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.4.9 via the 'sub_dir' and 'media_items' parameters. This is due to insufficient validation of user-supplied file paths, which are not checked for directory traversal sequences or restricted to the intended uploads directory. This makes it possible for authenticated attackers, with Author-level access and above, to perform actions on files outside of the originally intended directory.

CWE	CWE-22
Vendor	erolsk8
Product	media sync
Published	May 14, 2026

Stay Ahead of the Next One

Get instant alerts for erolsk8 media sync

Be the first to know when new medium vulnerabilities affecting erolsk8 media sync are published — delivered to Slack, Telegram or Discord.

Get Free Alerts → Free · No credit card · 60 sec setup

CVSS v3 Breakdown

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

Affected Versions

erolsk8 / Media Sync

0 ≤ 1.4.9

References

NVD ↗ CVE.org ↗ EPSS Data ↗

wordfence.com: https://www.wordfence.com/threat-intel/vulnerabilities/id/ebbc420d-43fd-48c4-8507-6d94b9fed565?source=cve plugins.trac.wordpress.org: https://plugins.trac.wordpress.org/changeset/3511221/media-sync

Credits

Drew Webber