PT-2026-35423

https://t.co/pupgsVuh70 CVE-2026-39468 meta-box CVSS Score 8.1 WordPress plugin vulnerability cybersecurity wordpressfirewall wordpresssecurity hacking wpsecurity atomicedge...

WordPress Meta Box – WordPress Custom Fields Framework plugin <= 5.11.1 - Arbitrary File Deletion vulnerability

Arbitrary File Deletion vulnerability discovered by Nguyen Ba Khanh in WordPress Plugin Meta Box – WordPress Custom Fields Framework versions = 5.11.1...

WordPress Meta Box plugin <= 5.11.1 - Authenticated (Contributor+) Arbitrary File Deletion vulnerability

Authenticated Contributor+ Arbitrary File Deletion vulnerability discovered by JongHwan Shin zzzsleep in WordPress Plugin Meta Box – WordPress Custom Fields Framework versions = 5.11.1...

CVE-2025-14675

The Meta Box plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'ajaxdeletefile' function in all versions up to, and including, 5.11.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete...

EUVD-2025-208353

The Meta Box plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'ajaxdeletefile' function in all versions up to, and including, 5.11.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete...

GHSA-M4Q3-832V-44J6 Meta Box Plugin for WordPress: Authenticated (Contributor+) Arbitrary File Deletion via ajax_delete_file

The Meta Box plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'ajaxdeletefile' function in all versions up to, and including, 5.11.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete...

Meta Box Plugin for WordPress: Authenticated (Contributor+) Arbitrary File Deletion via ajax_delete_file

The Meta Box plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'ajaxdeletefile' function in all versions up to, and including, 5.11.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete...

CVE-2025-14675

The Meta Box plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'ajaxdeletefile' function in all versions up to, and including, 5.11.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete...

CVE-2025-14675

The Meta Box plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'ajaxdeletefile' function in all versions up to, and including, 5.11.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete...

CVE-2025-14675

The Meta Box plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'ajaxdeletefile' function in all versions up to, and including, 5.11.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete...

CVE-2025-14675 Meta Box <= 5.11.1 - Authenticated (Contributor+) Arbitrary File Deletion

The Meta Box plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'ajaxdeletefile' function in all versions up to, and including, 5.11.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete...

CVE-2025-14675 Meta Box <= 5.11.1 - Authenticated (Contributor+) Arbitrary File Deletion

The Meta Box plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'ajaxdeletefile' function in all versions up to, and including, 5.11.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete...

CVE-2025-14675

The Meta Box WordPress plugin is affected by CVE-2025-14675 due to insufficient file path validation in the ajax_delete_file function, exposing all versions up to 5.11.1 to arbitrary file deletion. An authenticated attacker with Contributor-level access or higher can delete arbitrary files on the...

PT-2026-23832

Name of the Vulnerable Software and Affected Versions Meta Box versions prior to 5.11.2 Description The Meta Box plugin for WordPress is susceptible to arbitrary file deletion. This is due to inadequate file path validation within the ajax delete file function. Authenticated attackers possessing...

WordPress plugin Meta Box 路径遍历漏洞

WordPress and WordPress plugins are both products of the WordPress Foundation. WordPress is a blog platform developed using the PHP language. This platform allows users to create personal blog websites on servers based on PHP and MySQL. A WordPress plugin is an application extension. WordPress...

CVE-2026-0687

The Meta-box GalleryMeta plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mbgallery' custom post type in all versions up to, and including, 3.0.1. This makes it possible for authenticated attackers, with Author-level access and abov...

CVE-2026-1302

CVE-2026-1302 — Meta-box GalleryMeta (WordPress) is a stored cross-site scripting (XSS) vulnerability affecting versions up to 3.0.1 via admin/settings input, exploitable by authenticated users with Editor+ privileges. Impact is limited to multisite installs and sites where unfiltered_html is dis...

CVE-2026-0687 Meta-box GalleryMeta <= 3.0.1 - Missing Authorization to Authenticated (Author+) Gallery Management

The Meta-box GalleryMeta plugin for WordPress is vulnerable to unauthorized modification of data due to a missing capability check on the 'mbgallery' custom post type in all versions up to, and including, 3.0.1. This makes it possible for authenticated attackers, with Author-level access and abov...

EUVD-2019-5926

Malware in sbrugna...

EUVD-2019-5925

Malware in sbrugna...