CVE-2026-6670— Media Sync <= 1.4.9 - Authenticated (Author+) Path Traversal via 'sub_dir' and 'media_items' Parameters
Possible ATT&CK Techniques 2AI
T1222 · File and Directory Permissions Modification T1083 · File and Directory DiscoveryAffected Version Matrix 1
| Vendor | Product | Version Range | Status |
|---|---|---|---|
| erolsk8 | Media Sync | ≤ 1.4.9 | affected |
Get alerts for future matching vulnerabilitiesLog in to subscribe
I. Basic Information for CVE-2026-6670
Vulnerability Information
Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗ Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.
Vulnerability Title
Media Sync <= 1.4.9 - Authenticated (Author+) Path Traversal via 'sub_dir' and 'media_items' Parameters
Source: NVD (National Vulnerability Database)
Vulnerability Description
The Media Sync plugin for WordPress is vulnerable to Path Traversal in all versions up to, and including, 1.4.9 via the 'sub_dir' and 'media_items' parameters. This is due to insufficient validation of user-supplied file paths, which are not checked for directory traversal sequences or restricted to the intended uploads directory. This makes it possible for authenticated attackers, with Author-level access and above, to perform actions on files outside of the originally intended directory.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:N/A:N
Source: NVD (National Vulnerability Database)
Vulnerability Type
对路径名的限制不恰当(路径遍历)
Source: NVD (National Vulnerability Database)
Vulnerability Title
WordPress plugin Media Sync 路径遍历漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
WordPress和WordPress plugin都是WordPress基金会的产品。WordPress是一套使用PHP语言开发的博客平台。该平台具有在基于PHP和MySQL的服务器上架设个人博客网站的功能。WordPress plugin是一个应用插件。 WordPress plugin Media Sync 1.4.9及之前版本存在路径遍历漏洞,该漏洞源于通过sub_dir和media_items参数对用户提供的文件路径验证不足,可能导致经过身份验证的攻击者访问原始目录之外的文件。
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)
Affected Products
| Vendor | Product | Affected Versions | CPE | Subscribe |
|---|---|---|---|---|
| erolsk8 | Media Sync | 0 ~ 1.4.9 | - |
II. Public POCs for CVE-2026-6670
| # | POC Description | Source Link | Shenlong Link |
|---|
AI-Generated POCPremium
No public POC found.
Login to generate AI POCIII. Intelligence Information for CVE-2026-6670
请登录查看更多情报信息。
IV. Related Vulnerabilities
Same weakness: CWE-22
- CVE-2026-8757
adenhq hive Delete Request routes_sessions.py _read_events_t - CVE-2026-8756
fishaudio Bert-VITS2 Gradio webui_preprocess.py generate_con - CVE-2026-8755
fishaudio Bert-VITS2 Model hiyoriUI.py _get_all_models path - CVE-2026-8754
AstrBotDevs AstrBot File Upload chat.py post_file path trave - CVE-2018-25325
Woocommerce CSV Importer 3.3.6 Path Traversal File Deletion
V. Comments for CVE-2026-6670
No comments yet