Nevma Adaptive Images - Arbitrary File Deletion

Nevma Adaptive Images plugin before 0.6.67 for WordPress contains an arbitrary file deletion caused by unsanitized input in adaptive-images-script.php, letting remote attackers delete arbitrary files, exploit requires sending specific request parameters. id: CVE-2019-14206 info: name: Nevma...

WordPress WP Fastest Cache <= 0.9.0.2 - Authenticated Arbitrary File Deletion

The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized arbitrary file deletion in versions up to, and including, 0.9.0.2 due to a lack of capability checking and insufficient path validation. This makes it possible for authenticated users with minimal permissions to delete...

EUVD-2026-39968

The Frontend File Manager Plugin plugin for WordPress is vulnerable to Authenticated Arbitrary File Deletion in versions up to and including 23.6. This is due to a case-sensitive bypass of the wpfmdirpath parameter sanitization in the wpfmfilemetaupdate AJAX handler, where supplying WPFMDIRPATH i...

CVE-2026-8095

CVE-2026-8095 — The Frontend File Manager Plugin for WordPress (up to version 23.6) is vulnerable to Authenticated Arbitrary File Deletion. A case-sensitive bypass of the wpfm_dir_path parameter sanitization in the wpfm_file_meta_update AJAX handler allows an attacker to overwrite the stored file...

EUVD-2026-39733

Contributor Arbitrary File Deletion in H5P = 1.17.7 versions...

CVE-2026-57321

The CVE-2026-57321 entry concerns the WordPress H5P plugin versions up to 1.17.7, describing an Arbitrary File Deletion vulnerability. The connected documents confirm the affected product (H5P WordPress plugin) and the issue type (arbitrary file deletion) with a CVSS v3.1 base score of 7.1 (High)...

EUVD-2026-39719

Unauthenticated Arbitrary File Deletion in ShortPixel Adaptive Images = 3.11.4 versions...

CVE-2026-56066 WordPress ShortPixel Adaptive Images plugin <= 3.11.4 - Arbitrary File Deletion vulnerability

Unauthenticated Arbitrary File Deletion in ShortPixel Adaptive Images = 3.11.4 versions...

CVE-2026-56054 WordPress JS Help Desk plugin <= 3.1.1 - Arbitrary File Deletion vulnerability

Subscriber Arbitrary File Deletion in JS Help Desk = 3.1.1 versions...

CVE-2026-56054

CVE-2026-56054 affects the WordPress JS Help Desk plugin (versions &lt;= 3.1.1). The vulnerability allows Arbitrary File Deletion within the plugin, with impact described as high (availability impact) and CVSS 3.1 base score 7.7. The advisory does not provide root cause specifics or remediation s...

EUVD-2026-39383

Subscriber Arbitrary File Deletion in JS Help Desk = 3.1.1 versions...

EUVD-2026-39113

ATEN Unizon uploadSSL Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of ATEN Unizon. Authentication is required to exploit this vulnerability. The specific flaw exists within the uploadSSL...

CVE-2026-9775

ATEN Unizon uploadSSL Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of ATEN Unizon. Authentication is required to exploit this vulnerability. The specific flaw exists within the uploadSSL...

CVE-2026-9775 ATEN Unizon uploadSSL Directory Traversal Arbitrary File Deletion Vulnerability

ATEN Unizon uploadSSL Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of ATEN Unizon. Authentication is required to exploit this vulnerability. The specific flaw exists within the uploadSSL...

CVE-2026-9774

CVE-2026-9774 affects ATEN Unizon via the updateLicense directory traversal, enabling arbitrary file deletion. The flaw stems from insufficient validation of a user-supplied path used in file operations. The vulnerability is exploitable remotely over network with authentication required; impact i...

CVE-2026-9774 ATEN Unizon updateLicense Directory Traversal Arbitrary File Deletion Vulnerability

ATEN Unizon updateLicense Directory Traversal Arbitrary File Deletion Vulnerability. This vulnerability allows remote attackers to delete arbitrary files on affected installations of ATEN Unizon. Authentication is required to exploit this vulnerability. The specific flaw exists within the...

PT-2026-52121

Name of the Vulnerable Software and Affected Versions ATEN Unizon affected versions not specified Description A directory traversal flaw exists in the updateLicense method, where a lack of proper validation of user-supplied paths allows authenticated remote attackers to delete arbitrary files. Th...

CVE-2026-11911

The Simple File List plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the eeSFLDeleteFile function in all versions up to, and including, 6.3.7. This makes it possible for unauthenticated attackers to delete arbitrary files on the server,...

CVE-2026-11911

The CVE-2026-11911 issue affects the WordPress plugin Simple File List (up to version 6.3.7). The root cause is insufficient file path validation in eeSFL_DeleteFile, enabling unauthenticated deletion of arbitrary server files. The vulnerability is exploitable via unauthenticated requests, as the...

EUVD-2026-38106

The Simple File List plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the eeSFLDeleteFile function in all versions up to, and including, 6.3.7. This makes it possible for unauthenticated attackers to delete arbitrary files on the server,...