A vulnerability categorized as critical has been discovered in erolsk8 Media Sync Plugin up to 1.4.9 on WordPress. This issue affects some unknown processing. The manipulation of the argument sub_dir/media_items results in path traversal. This vulnerability is known as CVE-2026-6670 . It is possible to launch the attack remotely. No exploit is available.