Lucene search
+L

4550 matches found

Nuclei
Nuclei
added 9 hours ago47 views

WordPress WP Fastest Cache <= 0.9.0.2 - Authenticated Arbitrary File Deletion

The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized arbitrary file deletion in versions up to, and including, 0.9.0.2 due to a lack of capability checking and insufficient path validation. This makes it possible for authenticated users with minimal permissions to delete...

8.1CVSS5.4AI score0.01367EPSS
Exploits1References4
Nuclei
Nuclei
added 9 hours ago52 views

Nevma Adaptive Images - Arbitrary File Deletion

Nevma Adaptive Images plugin before 0.6.67 for WordPress contains an arbitrary file deletion caused by unsanitized input in adaptive-images-script.php, letting remote attackers delete arbitrary files, exploit requires sending specific request parameters. id: CVE-2019-14206 info: name: Nevma...

7.5CVSS7.9AI score0.04728EPSS
Exploits2References6
Cvelist
Cvelist
added 3 days ago43 views

CVE-2026-15008 Uncanny Automator <= 7.3.1.4 - Unauthenticated PHP Object Injection to Arbitrary File Deletion via Forminator Submitted-Field Token

The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the frtoken function in all versions up to, and including, 7.3.1.4. This makes it possible for...

8.1CVSS0.00582EPSS
Exploits0References7
CVE
CVE
added 3 days ago19 views

CVE-2026-15008

The CVE concerns The Uncanny Automator – Easy Automation, Integration, Webhooks & Workflow Builder Plugin for WordPress. All versions up to and including 7.3.1.4 are affected by an arbitrary file deletion vulnerability caused by insufficient file path validation in the fr_token function, enabling...

8.1CVSS6.5AI score0.00582EPSS
Exploits0References7
NVD
NVD
added 5 days ago9 views

CVE-2026-11563

The Word Count and Social Shares WordPress plugin through 1.0 does not validate a user-supplied file path before deletion, nor does it have proper authorization or CSRF checks, allowing any authenticated user, such as a Subscriber, to delete arbitrary files on the server, which can lead to a full...

9.6CVSS0.00165EPSS
Exploits0References1
Cvelist
Cvelist
added 5 days ago33 views

CVE-2026-11563 Word Count and Social Shares <= 1.0 - Subscriber+ Arbitrary File Deletion via Path Traversal

The Word Count and Social Shares WordPress plugin through 1.0 does not validate a user-supplied file path before deletion, nor does it have proper authorization or CSRF checks, allowing any authenticated user, such as a Subscriber, to delete arbitrary files on the server, which can lead to a full...

0.00165EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago36 views

CVE-2026-15684 Glarysoft Glary Utilities Link Following Local Privilege Escalation Vulnerability

Glarysoft Glary Utilities Link Following Local Privilege Escalation Vulnerability. This vulnerability allows local attackers to escalate privileges on affected installations of Glarysoft Glary Utilities. An attacker must first obtain the ability to execute low-privileged code on the target system...

7.3CVSS0.00142EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago30 views

CVE-2026-57401 WordPress SureDash plugin <= 1.8.0 - Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Brainstorm Force SureDash suredash allows Path Traversal.This issue affects SureDash: from n/a through = 1.8.0...

9.9CVSS0.00382EPSS
Exploits0References1
CVE
CVE
added 6 days ago12 views

CVE-2026-57709

CVE-2026-57709 affects the WordPress plugin WP Swings Membership For WooCommerce (Membership For WooCommerce) up to version 3.1.0. The issue is a path traversal vulnerability caused by improper limitation of a pathname to a restricted directory, enabling arbitrary file deletion. CVSS v3.1 base sc...

8.6CVSS6.1AI score0.00382EPSS
Exploits0References1
CVE
CVE
added 6 days ago8 views

CVE-2026-57389

CVE-2026-57389 affects Groundhogg WordPress plugin versions up to 4.4.1. The issue is described as an improper limitation of a pathname to a restricted directory (path traversal) that allows arbitrary file deletion. NVD/Patchstack entries indicate a High severity (CVSS 3.1 base score 8.6) with ne...

8.6CVSS6.1AI score0.00382EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago26 views

CVE-2026-57389 WordPress Groundhogg plugin <= 4.4.1 - Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in Adrian Tobey Groundhogg groundhogg allows Path Traversal.This issue affects Groundhogg: from n/a through = 4.4.1...

8.6CVSS0.00382EPSS
Exploits0References1
Cvelist
Cvelist
added 6 days ago36 views

CVE-2026-57830 Joomla Extension - joomshaper.com - Unauthenticated arbitrary file deletion in Helix Ultimate < 2.2.7

The Joomla extension Helix Ultimate is vulnerable to an unauthenticated arbitrary file deletion...

8.8CVSS0.00243EPSS
Exploits1References1
Vulnrichment
Vulnrichment
added 6 days ago6 views

CVE-2026-57830 Joomla Extension - joomshaper.com - Unauthenticated arbitrary file deletion in Helix Ultimate < 2.2.7

The Joomla extension Helix Ultimate is vulnerable to an unauthenticated arbitrary file deletion...

8.8CVSS6.2AI score0.00243EPSS
Exploits1References1
NVD
NVD
added 2026/07/09 7:17 p.m.8 views

CVE-2026-13492

The UsersWP plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 1.2.65. This is due to insufficient validation of file-field values in the UsersWPValidation::validatefields function which falls through to sanitizetextfield for fields of type 'file',...

8.8CVSS0.00525EPSS
Exploits0References8
CVE
CVE
added 2026/07/09 6:33 p.m.10 views

CVE-2026-13492

The CVE-2026-13492 entry concerns the WordPress UsersWP plugin (affected versions up to and including 1.2.65). The vulnerability arises from insufficient validation of file-field values in UsersWP_Validation::validate_fields(), which falls through to sanitize_text_field() for fields of type 'file...

8.8CVSS6AI score0.00525EPSS
Exploits0References8
Cvelist
Cvelist
added 2026/07/09 6:33 p.m.30 views

CVE-2026-13492 UsersWP <= 1.2.65 - Authenticated (Subscriber+) Arbitrary File Deletion via File Upload Field

The UsersWP plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 1.2.65. This is due to insufficient validation of file-field values in the UsersWPValidation::validatefields function which falls through to sanitizetextfield for fields of type 'file',...

8.8CVSS0.00525EPSS
Exploits0References8
EUVD
EUVD
added 2026/07/09 6:33 p.m.7 views

EUVD-2026-42686

The UsersWP plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 1.2.65. This is due to insufficient validation of file-field values in the UsersWPValidation::validatefields function which falls through to sanitizetextfield for fields of type 'file',...

8.8CVSS6AI score0.00525EPSS
Exploits0References8
ATTACKERKB
ATTACKERKB
added 2026/07/09 6:33 p.m.8 views

CVE-2026-13492

The UsersWP plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 1.2.65. This is due to insufficient validation of file-field values in the UsersWPValidation::validatefields function which falls through to sanitizetextfield for fields of type 'file',...

8.8CVSS6AI score0.00525EPSS
Exploits0References9
OSV
OSV
added 2026/07/09 6:33 p.m.5 views

CVE-2026-13492 UsersWP <= 1.2.65 - Authenticated (Subscriber+) Arbitrary File Deletion via File Upload Field

The UsersWP plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 1.2.65. This is due to insufficient validation of file-field values in the UsersWPValidation::validatefields function which falls through to sanitizetextfield for fields of type 'file',...

8.8CVSS6.2AI score0.00525EPSS
Exploits0References10
Patchstack
Patchstack
added 2026/07/09 2:18 p.m.6 views

WordPress Membership For WooCommerce plugin <= 3.1.0 - Arbitrary File Deletion vulnerability

Arbitrary File Deletion vulnerability discovered by sebbealb in WordPress Plugin Membership For WooCommerce versions = 3.1.0...

8.6CVSS6.1AI score0.00382EPSS
Exploits0Affected Software1
Rows per page
Query Builder