CVE-2025-14868
The CVE affects the WordPress Career Section plugin (versions up to 1.6). The root cause is missing nonce validation and insufficient file path validation on the delete action in appform_options_page_html, enabling CSRF that can lead to Path Traversal and Arbitrary File Deletion. The vulnerabilit...