CVE-2017-20250 HIGH

CVE-2017-20250: WordPress Plugin Mac Photo Gallery 3.0 Arbitrary File Download

Vendor Apptha

Product Mac Photo Gallery

Weakness CWE-22 · Path traversal

Published June 9, 2026

Last update June 9, 2026

View on NVD All CVEs

CVSS base score

8.7/10

Attack vector Network

Attack complexity Low

Privileges required None

User interaction None

Confidentiality —

Integrity —

CVSS vector

CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:N/VA:N/SC:N/SI:N/SA:N

What the vulnerability does

Description

Mac Photo Gallery 3.0 contains a path traversal vulnerability that allows unauthenticated attackers to download arbitrary files by manipulating the albid parameter. Attackers can send requests to macdownload.php with directory traversal sequences to access sensitive files like wp-load.php outside the intended plugin directory.

Key dates

Disclosure timeline

June 9, 2026 CVE published

June 9, 2026 Record updated