PT-2026-2350 · WordPress · E-Xact | Hosted Payment | Wordpress Plugin

Khaled Alenazi

Publicado

2026-01-13

Atualizado

2026-01-13

CVE-2025-14829

CVSS v3.1

9.1

Crítica

Vetor

AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions E-xact | Hosted Payment | WordPress plugin versions through 2.0

Description The E-xact | Hosted Payment | WordPress plugin through version 2.0 contains a flaw due to inadequate file path validation, allowing unauthenticated attackers to delete arbitrary files on the server. The vulnerability enables file deletion without requiring authentication.

Recommendations Update E-xact | Hosted Payment | WordPress plugin to a version later than 2.0.

Exploit

Correção

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

dbugs@ptsecurity.com

Identificadores relacionados

CVE-2025-14829

Produtos afetados

E-Xact | Hosted Payment | Wordpress Plugin

PT-2026-2350 · WordPress · E-Xact | Hosted Payment | Wordpress Plugin

CVE-2025-14829

Identificadores relacionados

Produtos afetados

Referências · 4