Lucene search
K

4483 matches found

Nuclei
Nuclei
added yesterday39 views

Nevma Adaptive Images - Arbitrary File Deletion

Nevma Adaptive Images plugin before 0.6.67 for WordPress contains an arbitrary file deletion caused by unsanitized input in adaptive-images-script.php, letting remote attackers delete arbitrary files, exploit requires sending specific request parameters. id: CVE-2019-14206 info: name: Nevma...

7.5CVSS7.2AI score0.04728EPSS
Exploits2References6
Nuclei
Nuclei
added yesterday18 views

WordPress WP Fastest Cache <= 0.9.0.2 - Authenticated Arbitrary File Deletion

The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized arbitrary file deletion in versions up to, and including, 0.9.0.2 due to a lack of capability checking and insufficient path validation. This makes it possible for authenticated users with minimal permissions to delete...

8.1CVSS6AI score0.01367EPSS
Exploits1References4
EUVD
EUVD
added 3 days ago6 views

EUVD-2026-41488

The Printcart Web to Print Product Designer for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 2.5.2 This is due to insufficient path validation in the storedesigndata function, which constructs a filesystem path from the user-supplied...

9.1CVSS6.5AI score0.00742EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 3 days ago9 views

CVE-2026-9725

The Printcart Web to Print Product Designer for WooCommerce plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 2.5.2 This is due to insufficient path validation in the storedesigndata function, which constructs a filesystem path from the user-supplied...

9.1CVSS6.5AI score0.00742EPSS
Exploits0References7
CVE
CVE
added 3 days ago15 views

CVE-2026-9725

The CVE-2026-9725 issue affects the Printcart Web to Print Product Designer for WooCommerce plugin for WordPress (versions

9.1CVSS6.5AI score0.00742EPSS
Exploits0References6
CVE
CVE
added 4 days ago14 views

CVE-2026-7311

The TinyPNG – JPEG, PNG & WebP image compression plugin for WordPress (up to version 3.6.13) is vulnerable to arbitrary file deletion due to insufficient file path validation in delete_converted_image_size. Authenticated attackers with author-level access can delete arbitrary files on the server ...

8.1CVSS6.5AI score0.0067EPSS
Exploits0References6
ATTACKERKB
ATTACKERKB
added 4 days ago4 views

CVE-2026-5821

The Image Optimizer plugin for WordPress is vulnerable to arbitrary file deletion in versions up to and including 1.7.4. This is due to insufficient path validation in the ImageBackup::remove function where backup file paths stored in post meta are used directly in file deletion operations withou...

8.1CVSS5.9AI score0.00354EPSS
Exploits0References9
EUVD
EUVD
added 4 days ago7 views

EUVD-2026-41247

The Image Optimizer plugin for WordPress is vulnerable to arbitrary file deletion in versions up to and including 1.7.4. This is due to insufficient path validation in the ImageBackup::remove function where backup file paths stored in post meta are used directly in file deletion operations withou...

8.1CVSS5.9AI score0.00354EPSS
Exploits0References8
Cvelist
Cvelist
added 4 days ago36 views

CVE-2026-5821 Image Optimizer <= 1.7.4 - Authenticated (Author+) Arbitrary File Deletion via Post Meta Field Injection

The Image Optimizer plugin for WordPress is vulnerable to arbitrary file deletion in versions up to and including 1.7.4. This is due to insufficient path validation in the ImageBackup::remove function where backup file paths stored in post meta are used directly in file deletion operations withou...

8.1CVSS0.00354EPSS
Exploits0References8
CVE
CVE
added 4 days ago17 views

CVE-2026-5821

The CVE-2026-5821 entry details a vulnerability in the WordPress Image Optimizer plugin (versions up to 1.7.4). The root cause is insufficient path validation in Image_Backup::remove(), where backup file paths stored in the image_optimizer_metadata post meta are used directly for deletion without...

8.1CVSS5.9AI score0.00354EPSS
Exploits0References8
Positive Technologies
Positive Technologies
added 4 days ago6 views

PT-2026-55284

Name of the Vulnerable Software and Affected Versions TinyPNG – JPEG, PNG & WebP image compression plugin for WordPress versions prior to 3.6.14 Description Insufficient file path validation in the delete converted image size function allows authenticated attackers with author-level access or...

8.1CVSS6.3AI score0.0067EPSS
Exploits0References11
Patchstack
Patchstack
added 5 days ago4 views

WordPress Image Optimizer – Optimize Images and Convert to WebP or AVIF plugin <= 1.7.4 - Authenticated (Author+) Arbitrary File Deletion vulnerability

Authenticated Author+ Arbitrary File Deletion vulnerability discovered by Dmitrii Ignatyev - CleanTalk Inc in WordPress Plugin Image Optimizer by Elementor versions = 1.7.4...

8.1CVSS5.8AI score0.00354EPSS
Exploits0References1Affected Software1
CVE
CVE
added 5 days ago10 views

CVE-2026-57723

CVE-2026-57723 affects the WordPress plugin VikBooking Hotel Booking Engine & PMS (e4jvikwp) up to version 1.8.12. The vulnerability is a CSRF to Arbitrary File Deletion issue, described as enabling path traversal that can delete arbitrary files. The CVE notes a HIGH impact with a CVSS 3.1 score ...

7.4CVSS5.8AI score0.00124EPSS
Exploits0References1
Patchstack
Patchstack
added 5 days ago6 views

WordPress VikBooking Hotel Booking Engine & PMS plugin <= 1.8.12 - CSRF to Arbitrary File Deletion vulnerability

CSRF to Arbitrary File Deletion vulnerability discovered by VDsec in WordPress Plugin VikBooking Hotel Booking Engine & PMS versions = 1.8.12...

7.4CVSS5.8AI score0.00124EPSS
Exploits0Affected Software1
Patchstack
Patchstack
added 5 days ago8 views

WordPress WP-BusinessDirectory – Business directory plugin for WordPress plugin <= 4.0.1 - Unauthenticated Arbitrary File Deletion vulnerability

Unauthenticated Arbitrary File Deletion vulnerability discovered by Nabil Irawan - Heroes Cyber Security in WordPress Plugin WP-BusinessDirectory versions = 4.0.1...

9.1CVSS5.8AI score0.00409EPSS
Exploits0References1Affected Software1
CVE
CVE
added 5 days ago18 views

CVE-2026-6070

The WP-BusinessDirectory WordPress plugin (versions up to and including 4.0.1) is vulnerable to unauthenticated arbitrary file deletion via path traversal. The issue stems from insufficient path validation in the remove() method of JBusinessDirectoryControllerUpload. The task=upload.remove endpoi...

9.1CVSS5.8AI score0.00409EPSS
Exploits0References5
Patchstack
Patchstack
added 6 days ago9 views

WordPress Export User Data plugin <= 2.2.6 - Authenticated (Subscriber+) PHP Object Injection to Arbitrary File Deletion vulnerability

Authenticated Subscriber+ PHP Object Injection to Arbitrary File Deletion vulnerability discovered by Webbernaut in WordPress Plugin Export User Data versions = 2.2.6...

8CVSS5.8AI score0.00341EPSS
Exploits0References1Affected Software1
EUVD
EUVD
added 6 days ago9 views

EUVD-2026-40260

The Export User Data plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the unserialize function in all versions up to, and including, 2.2.6. This makes it possible for authenticated attackers, with subscriber-level access and above, to delet...

8CVSS6.5AI score0.00341EPSS
Exploits0References2
NVD
NVD
added last week10 views

CVE-2026-57331

Performer Arbitrary File Deletion in Paid Videochat Turnkey Site = 7.4.8 versions...

9.9CVSS0.00344EPSS
Exploits0References1
CVE
CVE
added last week12 views

CVE-2026-57331

The CVE-2026-57331 entry concerns the WordPress plugin “Paid Videochat Turnkey Site” (versions

9.9CVSS5.8AI score0.00344EPSS
Exploits0References1
Rows per page
Query Builder