Lucene search
+L

5 matches found

github
github
added 2026/03/07 9:30 a.m.11 views

Meta Box Plugin for WordPress: Authenticated (Contributor+) Arbitrary File Deletion via ajax_delete_file

The Meta Box plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'ajaxdeletefile' function in all versions up to, and including, 5.11.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete...

7.2CVSS6.4AI score0.00654EPSS
Exploits0References8Affected Software1
nvd
nvd
added 2026/03/07 8:16 a.m.9 views

CVE-2025-14675

The Meta Box plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'ajaxdeletefile' function in all versions up to, and including, 5.11.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete...

7.2CVSS0.00654EPSS
Exploits0References5
cvelist
cvelist
added 2026/03/07 7:22 a.m.35 views

CVE-2025-14675 Meta Box <= 5.11.1 - Authenticated (Contributor+) Arbitrary File Deletion

The Meta Box plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'ajaxdeletefile' function in all versions up to, and including, 5.11.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete...

7.2CVSS0.00654EPSS
Exploits0References5
cve
cve
added 2026/03/07 7:22 a.m.24 views

CVE-2025-14675

The Meta Box WordPress plugin is affected by CVE-2025-14675 due to insufficient file path validation in the ajax_delete_file function, exposing all versions up to 5.11.1 to arbitrary file deletion. An authenticated attacker with Contributor-level access or higher can delete arbitrary files on the...

7.2CVSS6.4AI score0.00654EPSS
Exploits0References5
attackerkb
attackerkb
added 2026/03/07 7:22 a.m.4 views

CVE-2025-14675

The Meta Box plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'ajaxdeletefile' function in all versions up to, and including, 5.11.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete...

7.2CVSS6.4AI score0.00654EPSS
Exploits0References6
Rows per page
Query Builder