5 matches found
CVE-2025-2932
The JKDEVKIT plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'fontuploadhandler' function in all versions up to, and including, 1.9.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delet...
WordPress JKDEVKIT plugin <= 1.9.4 - Authenticated (Subscriber+) Arbitrary File Deletion vulnerability
Authenticated Subscriber+ Arbitrary File Deletion vulnerability discovered by Foxyyy in WordPress Plugin JKDEVKIT versions = 1.9.4...
CVE-2025-2932
creationtimestamp| type| source ---|---|--- 2025-07-03 15:18:56+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lt2zmp6hme2m...
CVE-2025-2932
The JKDEVKIT plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'fontuploadhandler' function in all versions up to, and including, 1.9.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delet...
CVE-2025-2932 JKDEVKIT <= 1.9.4 - Authenticated (Subscriber+) Arbitrary File Deletion
The JKDEVKIT plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'fontuploadhandler' function in all versions up to, and including, 1.9.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delet...