
11 matches found

EUVD
added 2026/05/28 6:45 a.m. · 10 views

EUVD-2026-32736

The WP Contact Form 7 DB Handler plugin for WordPress is vulnerable to Cross-Site Request Forgery leading to Arbitrary File Deletion via SQL Injection and PHP Object Injection in versions up to and including 3.0. This is due to a missing nonce verification in the processbulkaction function, the...

CVSS 8.1 · AI score 6 · EPSS 0.00248
Exploits 0 · References 10
EUVD
added 2025/10/03 8:7 p.m. · 2 views

EUVD-2025-29027

Malicious code in bioql PyPI...

CVSS 7.2 · AI score 6.4 · EPSS 0.00746
Exploits 0 · References 4
CVE
added 2025/09/12 5:24 a.m. · 19 views

CVE-2025-8575

CVE-2025-8575 concerns the LWS Cleaner WordPress plugin (versions up to and including 2.4.1.3). The vulnerability is an authenticated (Administrator+) arbitrary file deletion via the lws_cl_delete_file function, enabling an attacker with admin rights to delete server files (potentially enabling r...

CVSS 7.2 · AI score 7 · EPSS 0.00746
Exploits 0 · References 3
Cvelist
added 2025/09/12 5:24 a.m. · 7 views

CVE-2025-8575 LWS Cleaner <= 2.4.1.3 - Authenticated (Administrator+) Arbitrary File Deletion via 'lws_cl_delete_file'

The LWS Cleaner plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'lws_cl_delete_file' function in all versions up to, and including, 2.4.1.3. This makes it possible for authenticated attackers, with Administrator-level access and above, to...

CVSS 7.2 · EPSS 0.00746
Exploits 0 · References 3
NVD
added 2025/09/04 10:42 a.m. · 7 views

CVE-2025-9937

A security flaw has been discovered in elunez eladmin 1.1. Impacted is the function deleteFile of the component LocalStorageController. The manipulation results in improper authorization. The attack may be performed from remote. The exploit has been released to the public and may be exploited...

CVSS 5.5 · EPSS 0.0034
Exploits 0 · References 4
RedhatCVE
added 2025/08/14 3:22 a.m. · 9 views

CVE-2025-5391

The WooCommerce Purchase Orders plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deletefile function in all versions up to, and including, 1.0.2. This makes it possible for authenticated attackers, with Subscriber-level access and above...

CVSS 8.1 · AI score 8 · EPSS 0.00785
Exploits 0 · References 1
OSV
added 2025/07/25 5:15 a.m. · 3 views

CVE-2025-8132

A vulnerability was found in yanyutao0402 ChanCMS up to 3.1.2. It has been rated as critical. Affected by this issue is the function delfile of the file app/extend/utils.js. The manipulation leads to path traversal. The attack may be launched remotely. The exploit has been disclosed to the public...

CVSS 5.3 · AI score 5.3 · EPSS 0.00525
Exploits 1 · References 7
CNNVD
added 2024/07/09 12:0 a.m. · 4 views

Smart PLC AC14xx and Smart PLC AC4xxS Operating System Command Injection Vulnerability

The ifm electronic Smart PLC AC14xx and ifm electronic Smart PLC AC4xxS are a series of hosts/gateways from ifm electronic Germany. An operating system command injection vulnerability exists in Smart PLC AC14xx and Smart PLC AC4xxS versions 4.3.17 and earlier, which originates from a remote...

CVSS 7.2 · AI score 7.7 · EPSS 0.00766
Exploits 0 · References 2
Positive Technologies
added 2023/06/05 12:0 a.m. · 8 views

PT-2023-23100 · Kylinsoft · Youker-Assistant

Name of the Vulnerable Software and Affected Versions: KylinSoft youker-assistant versions prior to 3.0.2-0kylin6k70-23 Description: A critical issue was found in the delete file function of the dbus.SystemBus library in the Arbitrary File Handler component, leading to improper access controls...

CVSS 7.1 · AI score 7.1 · EPSS 0.00306
Exploits 1 · References 4
CNNVD
added 2023/04/13 12:0 a.m. · 4 views

bloofoxCMS Path Traversal Vulnerability

bloofoxCMS is a PHP-based text content management system by the individual developer of bloofoxCMS. A security vulnerability exists in bloofoxCMS version v0.5.2, which stems from the discovery of an arbitrary file deletion vulnerability contained via the deletefile function...

CVSS 9.1 · AI score 8.4 · EPSS 0.01223
Exploits 1 · References 5
Positive Technologies
added 2023/04/13 12:0 a.m. · 4 views

PT-2023-21361 · Bloofox · Bloofox

Name of the Vulnerable Software and Affected Versions: bloofox version 0.5.2 Description: The issue is related to an arbitrary file deletion vulnerability. This vulnerability can be exploited via the delete file function. Recommendations: For bloofox version 0.5.2, consider disabling the delete...

CVSS 9.1 · AI score 9.1 · EPSS 0.01223
Exploits 1 · References 10