CVE-2026-32415
Path Traversal Vulnerability in Squeeze ≤ 1.7.7 Allows Unauthorized Access
Publication date: 2026-03-13
Last updated on: 2026-03-17
Assigner: Patchstack
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| bogdan_bendziukov | squeeze | to 1.7.7 (inc) |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-35 | The product uses external input to construct a pathname that should be within a restricted directory, but it does not properly neutralize '.../...//' (doubled triple dot slash) sequences that can resolve to a location that is outside of that directory. |
AI Powered Q&A
Can you explain this vulnerability to me?
The CVE-2026-32415 vulnerability is a Directory Traversal flaw in the WordPress Squeeze Plugin versions up to and including 1.7.7.
This vulnerability allows a malicious actor to access all files within a given directory or verify the existence of specific files or directories.
It falls under the OWASP Top 10 category A1: Broken Access Control.
The vulnerability requires only subscriber or developer privileges to exploit.
How can this vulnerability impact me?
This vulnerability can allow an attacker to access sensitive files within the plugin's directories, potentially exposing confidential information.
By verifying the existence of specific files or directories, an attacker might exploit other system weaknesses.
Although the CVSS severity score is 5, indicating a low priority threat with limited impact, it still poses a risk to the security of the affected system. [1]
How does this vulnerability affect compliance with common standards and regulations (like GDPR, HIPAA)?
I don't know
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability affects the WordPress Squeeze Plugin versions up to and including 1.7.7. Detection can start by identifying if this plugin version is installed on your system.
- Check the installed version of the Squeeze plugin in your WordPress installation by navigating to the plugins directory and inspecting the plugin version file or using the WordPress admin dashboard.
- Use commands to list the plugin version, for example, via the command line in the WordPress plugins directory: `grep 'Version' squeeze/squeeze.php` or similar to find the version number.
- Monitor web server logs for suspicious requests containing path traversal patterns such as '.../...//', which may indicate exploitation attempts. [1]
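The two detection steps above, combined into one script. This is an added example, not code from the original page or from the plugin: it flags access-log requests whose decoded target contains a traversal sequence and checks a plugin header against the affected range. The log lines, the `/example` path, the `path` parameter and the header text are constructed for illustration, and the Combined Log Format is an assumption about the server.

```python
import re
from urllib.parse import unquote

# Combined Log Format (assumed): client IP, request target, status code
LOG_RE = re.compile(r'^(\S+) \S+ \S+ \[[^\]]+\] "\S+ (\S+)[^"]*" (\d{3})')
# Two or more dots followed by a slash or backslash: covers '../' and '.../...//'
TRAVERSAL_RE = re.compile(r'\.{2,}[\\/]')
# WordPress plugin header line, e.g. " * Version: 1.7.7"
VERSION_RE = re.compile(r'^[ \t*]*Version:\s*([0-9.]+)', re.MULTILINE)

def fully_decode(target, max_rounds=3):
    """Percent-decode repeatedly so single- and double-encoded sequences are normalised."""
    for _ in range(max_rounds):
        decoded = unquote(target)
        if decoded == target:
            break
        target = decoded
    return target

def suspicious_requests(lines):
    """Return (client_ip, decoded_target, status) for each request with a traversal sequence."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if m and TRAVERSAL_RE.search(fully_decode(m.group(2))):
            hits.append((m.group(1), fully_decode(m.group(2)), int(m.group(3))))
    return hits

def is_affected(header_text):
    """True when the header reports a version up to and including 1.7.7, None if not found."""
    m = VERSION_RE.search(header_text)
    if not m:
        return None  # no Version line: check the plugin manually
    return tuple(int(p) for p in m.group(1).split(".") if p) <= (1, 7, 7)

# Constructed sample data (not real traffic); '/example' and 'path' are hypothetical names
SAMPLE_LOG = [
    '203.0.113.5 - - [14/Mar/2026:10:01:02 +0000] "GET /wp-admin/ HTTP/1.1" 200 512',
    '203.0.113.9 - - [14/Mar/2026:10:01:07 +0000] "GET /example?path=.../...//file.txt HTTP/1.1" 200 88',
    '203.0.113.9 - - [14/Mar/2026:10:01:09 +0000] "GET /example?path=%2e%2e%2e%2f%2e%2e%2e%2f%2f HTTP/1.1" 403 0',
    '198.51.100.7 - - [14/Mar/2026:10:02:30 +0000] "GET /example?path=%252e%252e%252f HTTP/1.1" 404 0',
    '203.0.113.5 - - [14/Mar/2026:10:03:00 +0000] "GET /files/report..pdf HTTP/1.1" 200 900',
]
SAMPLE_HEADER = "/*\n * Plugin Name: Squeeze\n * Version: 1.7.7\n */"

if __name__ == "__main__":
    for ip, target, status in suspicious_requests(SAMPLE_LOG):
        print(f"{status} {ip} {target}")
    print("affected:", is_affected(SAMPLE_HEADER))
```

Hits that returned status 200 deserve review first, since the server answered the request rather than rejecting it.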
What immediate steps should I take to mitigate this vulnerability?
The primary mitigation step is to update the Squeeze plugin to version 1.7.8 or later, where this vulnerability has been patched.
- Apply the official patch or update provided by the plugin developer as soon as possible.
- Use automated update tools such as Patchstack to rapidly protect vulnerable plugins.
- Restrict subscriber or developer privileges to trusted users only, as the vulnerability requires such privileges to be exploited.