94 matches found
CVE-2022-50972
Summary: CVE-2022-50972 affects WooCommerce 7.1.0 and describes a remote code execution vulnerability. The issue arises from unsanitized values passed to the product-type parameter in the class-wc-meta-box-product-images.php endpoint, allowing an attacker to write arbitrary PHP files to the web r...
EUVD-2026-36933
Contributor Arbitrary File Deletion in Meta Box – WordPress Custom Fields Framework = 5.11.1 versions...
CVE-2026-39468
Contributor Arbitrary File Deletion in Meta Box – WordPress Custom Fields Framework = 5.11.1 versions...
CVE-2026-39468 WordPress Meta Box – WordPress Custom Fields Framework plugin <= 5.11.1 - Arbitrary File Deletion vulnerability
Contributor Arbitrary File Deletion in Meta Box – WordPress Custom Fields Framework = 5.11.1 versions...
CVE-2026-39468
WordPress Meta Box – WordPress Custom Fields Framework plugin
PT-2026-35423
Name of the Vulnerable Software and Affected Versions Meta Box – WordPress Custom Fields Framework versions prior to 5.11.2 Description A flaw allows users with contributor privileges to perform arbitrary file deletion. Recommendations Update to version 5.11.2 or later...
WordPress Meta Box – WordPress Custom Fields Framework plugin <= 5.11.1 - Arbitrary File Deletion vulnerability
Arbitrary File Deletion vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Meta Box – WordPress Custom Fields Framework versions = 5.11.1...
WordPress Meta Box plugin <= 5.11.1 - Authenticated (Contributor+) Arbitrary File Deletion vulnerability
Authenticated Contributor+ Arbitrary File Deletion vulnerability discovered by JongHwan Shin zzzsleep in WordPress Plugin Meta Box – WordPress Custom Fields Framework versions = 5.11.1...
CVE-2025-14675
The Meta Box plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'ajaxdeletefile' function in all versions up to, and including, 5.11.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete...
EUVD-2025-208353
The Meta Box plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'ajaxdeletefile' function in all versions up to, and including, 5.11.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete...
GHSA-M4Q3-832V-44J6 Meta Box Plugin for WordPress: Authenticated (Contributor+) Arbitrary File Deletion via ajax_delete_file
The Meta Box plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'ajaxdeletefile' function in all versions up to, and including, 5.11.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete...
Meta Box Plugin for WordPress: Authenticated (Contributor+) Arbitrary File Deletion via ajax_delete_file
The Meta Box plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'ajaxdeletefile' function in all versions up to, and including, 5.11.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete...
CVE-2025-14675
The Meta Box plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'ajaxdeletefile' function in all versions up to, and including, 5.11.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete...
CVE-2025-14675
The Meta Box plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'ajaxdeletefile' function in all versions up to, and including, 5.11.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete...
CVE-2025-14675
The Meta Box plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'ajaxdeletefile' function in all versions up to, and including, 5.11.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete...
CVE-2025-14675 Meta Box <= 5.11.1 - Authenticated (Contributor+) Arbitrary File Deletion
The Meta Box plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'ajaxdeletefile' function in all versions up to, and including, 5.11.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete...
CVE-2025-14675 Meta Box <= 5.11.1 - Authenticated (Contributor+) Arbitrary File Deletion
The Meta Box plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'ajaxdeletefile' function in all versions up to, and including, 5.11.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete...
CVE-2025-14675
The Meta Box WordPress plugin is affected by CVE-2025-14675 due to insufficient file path validation in the ajax_delete_file function, exposing all versions up to 5.11.1 to arbitrary file deletion. An authenticated attacker with Contributor-level access or higher can delete arbitrary files on the...
PT-2026-23832
Name of the Vulnerable Software and Affected Versions Meta Box versions prior to 5.11.2 Description The Meta Box plugin for WordPress is susceptible to arbitrary file deletion. This is due to inadequate file path validation within the ajax delete file function. Authenticated attackers possessing...
WordPress plugin Meta Box 路径遍历漏洞
WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPress...