Lucene search
K

4 matches found

NVD
NVD
added 2025/04/18 2:15 a.m.19 views

CVE-2025-3520

The Avatar plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in a function in all versions up to, and including, 0.1.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the...

8.1CVSS0.00853EPSS
Exploits0References3
Circl
Circl
added 2025/04/18 1:58 a.m.9 views

CVE-2025-3520

creationtimestamp| type| source ---|---|--- 2025-04-18 01:58:03+00:00| published-proof-of-concept| https://t.me/DarkWebInformerCVEAlerts/12379 2025-04-18 02:48:24+00:00| seen| https://mastodon.social/users/CyberSignaler/statuses/114356682976579069 2025-04-18 04:00:19+00:00| seen|...

8.1CVSS7.8AI score0.00853EPSS
Exploits0References4
CVE
CVE
added 2025/04/18 1:44 a.m.70 views

CVE-2025-3520

CVE-2025-3520 affects the WordPress Avatar plugin (versions ≤ 0.1.4). The root cause is insufficient file path validation in a function, enabling authenticated users with Subscriber+ access to delete arbitrary server files (e.g., wp-config.php), with potential remote code execution. Public entrie...

8.1CVSS8.2AI score0.00853EPSS
Exploits0References3
Patchstack
Patchstack
added 2025/04/17 5:22 p.m.10 views

WordPress Avatar plugin <= 0.1.4 - Authenticated (Subscriber+) Arbitrary File Deletion vulnerability

Authenticated Subscriber+ Arbitrary File Deletion vulnerability discovered by theviper17y in WordPress Plugin Avatar versions = 0.1.4...

8.1CVSS8.4AI score0.00853EPSS
Exploits0References1Affected Software1
Rows per page
Query Builder