Lucene search
K

4513 matches found

EUVD
EUVD
added 1 hour ago3 views

EUVD-2026-42686

The UsersWP plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 1.2.65. This is due to insufficient validation of file-field values in the UsersWPValidation::validatefields function which falls through to sanitizetextfield for fields of type 'file',...

8.8CVSS6AI score
Exploits0References9
NVD
NVD
added 4 hours ago4 views

CVE-2026-13492

The UsersWP plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 1.2.65. This is due to insufficient validation of file-field values in the UsersWPValidation::validatefields function which falls through to sanitizetextfield for fields of type 'file',...

8.8CVSS
Exploits0References8
CVE
CVE
added 4 hours ago7 views

CVE-2026-13492

The CVE-2026-13492 entry concerns the WordPress UsersWP plugin (affected versions up to and including 1.2.65). The vulnerability arises from insufficient validation of file-field values in UsersWP_Validation::validate_fields(), which falls through to sanitize_text_field() for fields of type 'file...

8.8CVSS6AI score
Exploits0References8
Cvelist
Cvelist
added 4 hours ago3 views

CVE-2026-13492 UsersWP <= 1.2.65 - Authenticated (Subscriber+) Arbitrary File Deletion via File Upload Field

The UsersWP plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 1.2.65. This is due to insufficient validation of file-field values in the UsersWPValidation::validatefields function which falls through to sanitizetextfield for fields of type 'file',...

8.8CVSS
Exploits0References8
NVD
NVD
added 12 hours ago6 views

CVE-2026-14372

The Bit Form – Contact Form, Payment Forms, Multi Step Forms, Calculator & Custom Form Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteFiles function in all versions up to, and including, 3.1.1 This makes it possible for...

7.1CVSS
Exploits0References13
Cvelist
Cvelist
added 13 hours ago8 views

CVE-2026-14372 Bit Form <= 3.1.1 - Authenticated (Subscriber+) Arbitrary File Deletion via '_old' Parameter

The Bit Form – Contact Form, Payment Forms, Multi Step Forms, Calculator & Custom Form Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteFiles function in all versions up to, and including, 3.1.1 This makes it possible for...

7.1CVSS
Exploits0References13
CVE
CVE
added 13 hours ago9 views

CVE-2026-14372

The Bit Form WordPress plugin (Bit Form – Contact Form, Payment Forms, Multi Step Forms, Calculator & Custom Form Builder) is affected up to version 3.1.1 due to insufficient file path validation in deleteFiles, enabling authenticated users with subscriber+ to delete arbitrary server files (poten...

7.1CVSS6.7AI score
Exploits0References13
ATTACKERKB
ATTACKERKB
added 13 hours ago3 views

CVE-2026-14372

The Bit Form – Contact Form, Payment Forms, Multi Step Forms, Calculator & Custom Form Builder plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteFiles function in all versions up to, and including, 3.1.1 This makes it possible for...

7.1CVSS6.7AI score
Exploits0References14
Nuclei
Nuclei
added 20 hours ago50 views

Nevma Adaptive Images - Arbitrary File Deletion

Nevma Adaptive Images plugin before 0.6.67 for WordPress contains an arbitrary file deletion caused by unsanitized input in adaptive-images-script.php, letting remote attackers delete arbitrary files, exploit requires sending specific request parameters. id: CVE-2019-14206 info: name: Nevma...

7.5CVSS7.2AI score0.04728EPSS
Exploits2References6
Nuclei
Nuclei
added 20 hours ago41 views

WordPress WP Fastest Cache <= 0.9.0.2 - Authenticated Arbitrary File Deletion

The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized arbitrary file deletion in versions up to, and including, 0.9.0.2 due to a lack of capability checking and insufficient path validation. This makes it possible for authenticated users with minimal permissions to delete...

8.1CVSS6AI score0.01367EPSS
Exploits1References4
CVE
CVE
added yesterday5 views

CVE-2026-58192

CVE-2026-58192 affects Appium’s storage-plugin: prior to 1.1.6, POST /storage/delete passes user-supplied name into path.join(storageRoot, name) and fs.rimraf() without sanitization, enabling an unauthenticated remote attacker to escape the storage root via ../ and delete arbitrary writable files...

8.6CVSS6.1AI score
Exploits0References4
NVD
NVD
added yesterday6 views

CVE-2026-14487

The Simple Coherent Form plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the removeUploadDir function in all versions up to, and including, 2.4.13. This makes it possible for unauthenticated attackers to delete arbitrary files on the serve...

9.1CVSS0.0074EPSS
Exploits0References6
CVE
CVE
added yesterday12 views

CVE-2026-14487

The CVE-2026-14487 entry concerns the WordPress plugin Simple Coherent Form (SCF). Affected versions are all up to and including 2.4.13. The root cause is insufficient file path validation in the removeUploadDir function, enabling unauthenticated deletion of arbitrary server files (e.g., wp-confi...

9.1CVSS6.8AI score0.0074EPSS
Exploits0References6
Cvelist
Cvelist
added 2 days ago30 views

CVE-2026-55631 DataEase: Path Traversal Leading to Arbitrary File Deletion via Font Management

DataEase is an open source data visualization and analysis tool. Prior to 2.10.24, the font management module allows authenticated users to submit an arbitrary fileTransName when creating a font record; when the record is later deleted, the backend concatenates that stored value with the font...

7.2CVSS0.00313EPSS
Exploits0References3
CVE
CVE
added 2 days ago12 views

CVE-2026-55631

DataEase exposes a path-traversal flaw in the font management module prior to version 2.10.24. Authenticated users could submit an arbitrary fileTransName when creating a font record; on deletion, the stored value is concatenated with the font storage directory and passed to FileUtils.deleteFile(...

7.2CVSS6.1AI score0.00313EPSS
Exploits0References3
CVE
CVE
added 2 days ago22 views

CVE-2026-12277

The CVE-2026-12277 vulnerability affects the WordPress Frontend File Manager Plugin (through version 23.6). It describes an improper validation of a file path derived from user input when deleting a referenced file, enabling unauthenticated users to delete arbitrary server files (e.g., wp-config....

8.7CVSS5.9AI score0.00231EPSS
Exploits1References1
Cvelist
Cvelist
added 2 days ago35 views

CVE-2026-12277 Frontend File Manager Plugin <= 23.6 - Unauthenticated Arbitrary File Deletion via Saved File Metadata Path Traversal

The Frontend File Manager Plugin WordPress plugin through 23.6 does not validate a file path derived from user input before deleting the referenced file, allowing unauthenticated users to delete arbitrary files on the server such as wp-config.php when guest upload mode is enabled. Deleting...

0.00231EPSS
Exploits1References1
ATTACKERKB
ATTACKERKB
added 3 days ago3 views

CVE-2026-59194

pnpm is a package manager. Prior to 10.34.4 and 11.7.0, a crafted patch entry could resolve outside the configured patches directory and cause pnpm patch-remove to delete an arbitrary reachable file. This vulnerability is fixed in 10.34.4 and 11.7.0...

7.1CVSS6AI score0.00257EPSS
Exploits1References2Affected Software1
AlpineLinux
AlpineLinux
added 3 days ago4 views

CVE-2026-59194

pnpm is a package manager. Prior to 10.34.4 and 11.7.0, a crafted patch entry could resolve outside the configured patches directory and cause pnpm patch-remove to delete an arbitrary reachable file. This vulnerability is fixed in 10.34.4 and 11.7.0...

7.1CVSS6AI score0.00257EPSS
Exploits1References1
RedHat Linux
RedHat Linux
added 3 days ago6 views

flatpak: Flatpak: Arbitrary file deletion on host via improper cache file path validation

A flaw was found in Flatpak, a Linux application sandboxing and distribution framework. The caching mechanism for ld.so dynamic linker/loader improperly removes outdated cache files without adequately verifying that the application-controlled path to the outdated cache is within the designated...

8.7CVSS7.1AI score0.00323EPSS
Exploits0References5
Rows per page
Query Builder