2 matches found
CVE-2024-11615 Envolve Plugin <= 1.0 - Unauthenticated Language File Deletion
The Envolve Plugin plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 1.0 via the 'zetradeleteLanguageFile' and 'zetradeleteFontsFile' functions. This is due to the plugin not properly validating a file or its path prior to deleting it. This makes ...
WordPress Envolve plugin <= 1.0 - Unauthenticated Language File Deletion vulnerability
Unauthenticated Language File Deletion vulnerability discovered by István Márton in WordPress Plugin Envolve Plugin versions = 1.0...