4 matches found
CVE-2025-4946
The Vikinger theme for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the vikingerdeleteactivitymediaajax function in all versions up to, and including, 1.9.32. This makes it possible for authenticated attackers, with Subscriber-level access and...
CVE-2025-4946 Vikinger <= 1.9.32 - Authenticated (Subscriber+) Arbitrary File Deletion via vikinger_delete_activity_media_ajax Function
The Vikinger theme for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the vikingerdeleteactivitymediaajax function in all versions up to, and including, 1.9.32. This makes it possible for authenticated attackers, with Subscriber-level access and...
CVE-2025-4946 Vikinger <= 1.9.32 - Authenticated (Subscriber+) Arbitrary File Deletion via vikinger_delete_activity_media_ajax Function
The Vikinger theme for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the vikingerdeleteactivitymediaajax function in all versions up to, and including, 1.9.32. This makes it possible for authenticated attackers, with Subscriber-level access and...
WordPress Vikinger Theme <= 1.9.32 is vulnerable to Arbitrary File Deletion
Software Vikinger Type Theme Vulnerable versions = 1.9.32 Fixed in 1.9.33 OWASP Top 10 A1: Injection Classification Arbitrary File Deletion CVE CVE-2025-4946 Patch priority High CVSS severity High 7.7 Developer Claim ownership PSID b0a366979549 Credits Foxyyy Required privilege Subscriber Publish...