CVE-2026-32415
Received Received - Intake
Path Traversal Vulnerability in Squeeze ≀ 1.7.7 Allows Unauthorized Access

Publication date: 2026-03-13

Last updated on: 2026-03-17

Assigner: Patchstack

Description
Path Traversal: '.../...//' vulnerability in Bogdan Bendziukov Squeeze squeeze allows Path Traversal.This issue affects Squeeze: from n/a through <= 1.7.7.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2026-03-13
Last Modified
2026-03-17
Generated
2026-06-16
AI Q&A
2026-03-13
EPSS Evaluated
2026-06-15
NVD
CVE-2026-32415
EUVD
EUVD-2026-11935
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
bogdan_bendziukov squeeze to 1.7.7 (inc)
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-35 The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

The CVE-2026-32415 vulnerability is a Directory Traversal flaw in the WordPress Squeeze Plugin versions up to and including 1.7.7.

This vulnerability allows a malicious actor to access all files within a given directory or verify the existence of specific files or directories.

It falls under the OWASP Top 10 category A1: Broken Access Control.

The vulnerability requires only subscriber or developer privileges to exploit.

Impact Analysis

[{'type': 'paragraph', 'content': "This vulnerability can allow an attacker to access sensitive files within the plugin's directories, potentially exposing confidential information."}, {'type': 'paragraph', 'content': 'By verifying the existence of specific files or directories, an attacker might exploit other system weaknesses.'}, {'type': 'paragraph', 'content': 'Although the CVSS severity score is 5, indicating a low priority threat with limited impact, it still poses a risk to the security of the affected system.'}] [1]

Compliance Impact

I don't know

Detection Guidance

[{'type': 'paragraph', 'content': 'This vulnerability affects the WordPress Squeeze Plugin versions up to and including 1.7.7. Detection can start by identifying if this plugin version is installed on your system.'}, {'type': 'list_item', 'content': 'Check the installed version of the Squeeze plugin in your WordPress installation by navigating to the plugins directory and inspecting the plugin version file or using WordPress admin dashboard.'}, {'type': 'list_item', 'content': "Use commands to list the plugin version, for example, via command line in the WordPress plugins directory: `grep 'Version' squeeze/squeeze.php` or similar to find the version number."}, {'type': 'list_item', 'content': "Monitor web server logs for suspicious requests containing path traversal patterns such as '.../...//' which may indicate exploitation attempts."}] [1]

Mitigation Strategies

The primary mitigation step is to update the Squeeze plugin to version 1.7.8 or later, where this vulnerability has been patched.

  • Apply the official patch or update provided by the plugin developer as soon as possible.
  • Use automated update tools such as Patchstack to rapidly protect vulnerable plugins.
  • Restrict subscriber or developer privileges to trusted users only, as the vulnerability requires such privileges to be exploited.
Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2026-32415. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart