- Description
- The Import Export Suite for CSV and XML Datafeed plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteImage() function in all versions up to, and including, 7.19. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
- Source
- security@wordfence.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Primary
- Base score
- 8.1
- Impact score
- 5.2
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H
- Severity
- HIGH
- security@wordfence.com
- CWE-23
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score
- 1
Recently, vulnerabilities with the identifiers CVE-2025-2008 and CVE-2025-2007, of the file upload and file deletion types, were published for the WordPress plugin WP Ultimate CSV Importer. 20 thousand websites are currently exposed to being hacked. https://t.co/Poz3aKY03t https://t.co/IrT8EJ1OYK
@AmirHossein_sec
4 Apr 2025
11 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-2007 The Import Export Suite for CSV and XML Datafeed plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the deleteIma… https://t.co/wtijC8jNbj
@CVEnew
1 Apr 2025
199 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-2007 - WordPress - HIGH 🚨 🗓️ Date published 2025-04-01 05:15:47 UTC #WordPress #CyberSecurity #InfoSec #Vulnerability #TechNews https://t.co/5Mzkxm8iRA
@vulns_space
1 Apr 2025
21 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes