Lucene search
K

4 matches found

OSV
OSV
added 2025/06/28 6:15 a.m.4 views

CVE-2025-6755

The Game Users Share Buttons plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the ajaxDeleteTheme function in all versions up to, and including, 1.3.0. This makes it possible for Subscriber-level attackers to add arbitrary file paths such a...

8.8CVSS6.3AI score0.00723EPSS
Exploits0References3
Circl
Circl
added 2025/06/28 5:51 a.m.9 views

CVE-2025-6755

creationtimestamp| type| source ---|---|--- 2025-06-28 05:51:13+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/19804 2025-06-28 07:24:38+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lsnmrz6tfw2m...

8.8CVSS4.8AI score0.00723EPSS
Exploits0References2
Cvelist
Cvelist
added 2025/06/28 5:29 a.m.11 views

CVE-2025-6755 Game Users Share Buttons <= 1.3.0 - Authenticated (Subscriber+) Arbitrary File Deletion via themeNameId Parameter

The Game Users Share Buttons plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the ajaxDeleteTheme function in all versions up to, and including, 1.3.0. This makes it possible for Subscriber-level attackers to add arbitrary file paths such a...

8.8CVSS0.00723EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/06/27 11:14 p.m.8 views

WordPress Game Users Share Buttons plugin <= 1.3.0 - Authenticated (Subscriber+) Arbitrary File Deletion via themeNameId Parameter vulnerability

Authenticated Subscriber+ Arbitrary File Deletion via themeNameId Parameter vulnerability discovered by theviper17y in WordPress Plugin Game Users Share Buttons versions = 1.3.0...

8.8CVSS6.8AI score0.00723EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder