WordPress WP Fastest Cache <= 0.9.0.2 - Authenticated Arbitrary File Deletion

The WP Fastest Cache plugin for WordPress is vulnerable to unauthorized arbitrary file deletion in versions up to, and including, 0.9.0.2 due to a lack of capability checking and insufficient path validation. This makes it possible for authenticated users with minimal permissions to delete...

NCBI ToolBox - Directory Traversal

NCBI ToolBox 2.0.7 through 2.2.26 legacy versions contain a path traversal vulnerability via viewcgi.cgi which may result in reading of arbitrary files i.e., significant information disclosure or file deletion via the nph-viewgif.cgi query string. id: CVE-2018-16716 info: name: NCBI ToolBox -...

Nevma Adaptive Images - Arbitrary File Deletion

Nevma Adaptive Images plugin before 0.6.67 for WordPress contains an arbitrary file deletion caused by unsanitized input in adaptive-images-script.php, letting remote attackers delete arbitrary files, exploit requires sending specific request parameters. id: CVE-2019-14206 info: name: Nevma...

Kaswara Modern VC Addons <= 3.0.1 - Missing Authorization

The Kaswara Modern VC Addons plugin for WordPress is vulnerable to authorization bypass in versions up to, and including, 3.0.1 due to insufficient capability checking on various AJAX actions. This makes it possible for unauthenticated attackers to perform a wide variety of unauthorized actions...

EUVD-2026-37715

Contributor Arbitrary File Deletion in Fusion Builder = 3.15.4 versions...

EUVD-2026-37669

Unauthenticated Arbitrary File Deletion in BookPro = 1.1.0 versions...

EUVD-2025-210225

Subscriber Arbitrary File Deletion in WPBot Pro Wordpress Chatbot = 13.6.5 versions...

CVE-2026-54193

Contributor Arbitrary File Deletion in Fusion Builder = 3.15.4 versions...

CVE-2026-52716

Unauthenticated Arbitrary File Deletion in WorkScout-Core = 1.7.11 versions...

CVE-2025-69128 WordPress JobCareer theme <= 7.3 - Arbitrary File Deletion vulnerability

Improper Limitation of a Pathname to a Restricted Directory 'Path Traversal' vulnerability in EMV JobCareer allows Path Traversal. This issue affects JobCareer: from n/a through 7.3...

CVE-2026-2604

A flaw was found in evolution-data-server. Inconsistent comparison logic in the addressbook file backend allows a Flatpak application with D-Bus access to craft a malicious URI containing directory traversal sequences. This URI is stored without proper validation during contact creation or...

CVE-2026-27400

Unauthenticated Arbitrary File Deletion in BookPro = 1.1.0 versions...

CVE-2025-69139

Unauthenticated Arbitrary File Deletion in Car Zone = 3.7 versions...

CVE-2025-60223

Subscriber Arbitrary File Deletion in WPBot Pro Wordpress Chatbot = 13.6.5 versions...

CVE-2026-52716 WordPress WorkScout-Core plugin <= 1.7.11 - Arbitrary File Deletion vulnerability

Unauthenticated Arbitrary File Deletion in WorkScout-Core = 1.7.11 versions...

EUVD-2026-37700

Unauthenticated Arbitrary File Deletion in WorkScout-Core = 1.7.11 versions...

CVE-2026-54193 WordPress Fusion Builder plugin <= 3.15.4 - Arbitrary File Deletion vulnerability

Contributor Arbitrary File Deletion in Fusion Builder = 3.15.4 versions...

CVE-2026-27400 WordPress BookPro plugin <= 1.1.0 - Arbitrary File Deletion vulnerability

Unauthenticated Arbitrary File Deletion in BookPro = 1.1.0 versions...

CVE-2026-27400

CVE-2026-27400 affects the WordPress BookPro plugin; versions

CVE-2025-60223

CVE-2025-60223 affects the WordPress plugin WPBot Pro Wordpress Chatbot (versions