WordPress Simple WP Events plugin <= 1.8.17 - Unauthenticated Arbitrary File Deletion vulnerability

Unauthenticated Arbitrary File Deletion vulnerability discovered by khanhhnahk1 - VNPT Cyber Immunity in WordPress Plugin Simple WP Events versions = 1.8.17...

EUVD-2025-199678

Unauthenticated Arbitrary File Deletion upgradecontents.php in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform The deleteupgrade parameter allows unauthenticated deletion of arbitrary...

EUVD-2025-199675

Unauthenticated Arbitrary File Deletion patchcontents.php in DB Electronica Telecomunicazioni S.p.A. Mozart FM Transmitter versions 30, 50, 100, 300, 500, 1000, 2000, 3000, 3500, 6000, 7000 allows an attacker to perform The deletepatch parameter allows unauthenticated deletion of arbitrary files...

CVE-2025-8141 Redirection for Contact Form 7 <= 3.2.4 - Unauthenticated Arbitrary File Deletion

The Redirection for Contact Form 7 plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteassociatedfiles function in all versions up to, and including, 3.2.4. This makes it possible for unauthenticated attackers to delete arbitrary fil...

CVE-2025-7778 Icons Factory <= 1.6.12 - Missing Authorization to Unauthenticated Arbitrary File Deletion via delete_files() Function

The Icons Factory plugin for WordPress is vulnerable to Arbitrary File Deletion due to insufficient authorization and improper path validation within the deletefiles function in all versions up to, and including, 1.6.12. This makes it possible for unauthenticated attackers to to delete arbitrary...

WordPress Alone theme <= 7.8.3 - Missing Authorization to Unauthenticated Arbitrary File Deletion vulnerability

Missing Authorization to Unauthenticated Arbitrary File Deletion vulnerability discovered by Thái An in WordPress Theme Alone versions = 7.8.2...

CVE-2022-40980

A potential unathenticated file deletion vulnerabilty on Trend Micro Mobile Security for Enterprise 9.8 SP5 could allow an attacker with access to the Management Server to delete files. This issue was resolved in 9.8 SP5 Critical Patch 2...

CVE-2025-0109

An unauthenticated file deletion vulnerability in the Palo Alto Networks PAN-OS management web interface enables an unauthenticated attacker with network access to the management web interface to delete certain files as the “nobody” user; this includes limited logs and configuration files but doe...

CVE-2025-0109

An unauthenticated file deletion vulnerability in the Palo Alto Networks PAN-OS management web interface enables an unauthenticated attacker with network access to the management web interface to delete certain files as the “nobody” user; this includes limited logs and configuration files but doe...

WordPress Startklar Elementor Addons plugin <= 1.7.13 - Unauthenticated Arbitrary File Deletion vulnerability

Unauthenticated Arbitrary File Deletion vulnerability discovered by István Márton in WordPress Plugin Startklar Elementor Addons versions = 1.7.13...

CVE-2023-32521

A path traversal exists in a specific service dll of Trend Micro Mobile Security Enterprise 9.8 SP5 which could allow an unauthenticated remote attacker to delete arbitrary files...

CVE-2022-4101 Images Optimize and Upload CF7 <= 2.1.4 - Unauthenticated Arbitrary File Deletion

The Images Optimize and Upload CF7 WordPress plugin through 2.1.4 does not validate the file to be deleted via an AJAX action available to unauthenticated users, which could allow them to delete arbitrary files on the server via path traversal attack...

CVE-2022-40980

A potential unathenticated file deletion vulnerabilty on Trend Micro Mobile Security for Enterprise 9.8 SP5 could allow an attacker with access to the Management Server to delete files. This issue was resolved in 9.8 SP5 Critical Patch 2...

CVE-2021-45427

Emerson XWEB 300D EVO 3.0.7--3ee403 is affected by: unauthenticated arbitrary file deletion due to path traversal. An attacker can browse and delete files without any authentication due to incorrect access control and directory traversal...

glpi -- Unauthenticated File Deletion

MITRE Corporation reports: In GLPI before version 9.5.2, the pluginimage.send.php endpoint allows a user to specify an image from a plugin. The parameters can be maliciously crafted to instead delete the .htaccess file for the files directory. Any user becomes able to read all the files and folde...

CVE-2019-17234

includes/class-coming-soon-creator.php in the igniteup plugin through 3.4 for WordPress allows unauthenticated arbitrary file deletion...