3 matches found
CVE-2025-2004
The Simple WP Events plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the wpedeletefile AJAX action in all versions up to, and including, 1.8.17. This makes it possible for unauthenticated attackers to delete arbitrary files on the server,...
CVE-2025-2004
creationtimestamp| type| source ---|---|--- 2025-04-08 04:46:35+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/10845 2025-04-08 05:40:28+00:00| seen| https://bsky.app/profile/cyberalerts.bsky.social/post/3lmbr75tm2k2h 2025-04-08 07:01:28+00:00| seen|...
CVE-2025-2004 Simple WP Events <= 1.8.17 - Unauthenticated Arbitrary File Deletion
The Simple WP Events plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the wpedeletefile AJAX action in all versions up to, and including, 1.8.17. This makes it possible for unauthenticated attackers to delete arbitrary files on the server,...