CVE-2026-1557
📋 TL;DR
The WP Responsive Images WordPress plugin contains a path traversal vulnerability in the 'src' parameter that allows unauthenticated attackers to read arbitrary files on the server. This affects all versions up to and including 1.0, potentially exposing sensitive configuration files, credentials, and other confidential data.
💻 Affected Systems
- WP Responsive Images WordPress Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers could read sensitive files like wp-config.php containing database credentials, SSH keys, or other configuration files, leading to complete site compromise and data exfiltration.
Likely Case
Attackers will read WordPress configuration files to obtain database credentials and potentially gain administrative access to the site.
If Mitigated
With proper file permissions and web server restrictions, impact is limited to readable files within the web root directory.
🎯 Exploit Status
The vulnerability is simple to exploit via HTTP requests with directory traversal sequences in the 'src' parameter.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not available
Vendor Advisory: Not available
Restart Required: No
Instructions:
1. Remove the WP Responsive Images plugin completely from your WordPress installation. 2. Delete the plugin files from /wp-content/plugins/wp-responsive-images/. 3. Consider alternative responsive image solutions.
🔧 Temporary Workarounds
Web Server Path Restriction
linuxConfigure web server to block directory traversal attempts in the plugin's endpoint
# For Apache: Add to .htaccess
RewriteCond %{QUERY_STRING} (\.\.%2F|\.\./) [NC]
RewriteRule ^ - [F]
🧯 If You Can't Patch
- Disable or remove the WP Responsive Images plugin immediately
- Implement web application firewall rules to block path traversal patterns in requests
🔍 How to Verify
Check if Vulnerable:
Check if /wp-content/plugins/wp-responsive-images/ directory exists and contains version 1.0 or earlier filesCheck Version:
Check WordPress admin panel > Plugins page or examine /wp-content/plugins/wp-responsive-images/readme.txtVerify Fix Applied:
Confirm the wp-responsive-images directory has been completely removed from /wp-content/plugins/📡 Detection & Monitoring
Log Indicators:
- HTTP requests containing '../' or '..%2F' patterns to plugin endpoints
- Unusual file access patterns from single IP addresses
Network Indicators:
- HTTP GET requests with traversal sequences in query parameters
- Requests to /wp-content/plugins/wp-responsive-images/ with 'src' parameter
SIEM Query:
source="web_logs" AND (uri_path="*wp-responsive-images*" AND query="*..%2F*" OR query="*../*")🔗 References
- https://plugins.trac.wordpress.org/browser/wp-responsive-images/tags/1.0/SBOutputFile.php#L33
- https://plugins.trac.wordpress.org/browser/wp-responsive-images/tags/1.0/WPResponsiveImages.php#L265
- https://plugins.trac.wordpress.org/browser/wp-responsive-images/tags/1.0/image_handler.php#L28
- https://plugins.trac.wordpress.org/browser/wp-responsive-images/trunk/SBOutputFile.php#L33
- https://plugins.trac.wordpress.org/browser/wp-responsive-images/trunk/WPResponsiveImages.php#L265
- https://plugins.trac.wordpress.org/browser/wp-responsive-images/trunk/image_handler.php#L28
- https://www.wordfence.com/threat-intel/vulnerabilities/id/22c6f81b-d456-44b9-ba6c-8b207a9ee6e1?source=cve
