PT-2026-56916 · Stiofansisland · Userswp – Front-End Login Form
Daroo
·
Publicado
2026-07-09
·
Atualizado
2026-07-09
·
CVE-2026-13492
CVSS v3.1
8.8
Alta
| Vetor | AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H |
The UsersWP plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 1.2.65. This is due to insufficient validation of file-field values in the UsersWP Validation::validate fields() function (which falls through to sanitize text field() for fields of type 'file', leaving directory-traversal sequences intact) combined with the UsersWP Forms::upload file remove() AJAX handler building the deletion target from the uploads basedir concatenated with the attacker-controlled metadata value without any realpath canonicalization or uploads-directory boundary check before calling unlink(). This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the affected site's server, including wp-config.
Correção
Path traversal
Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾
Enumeração de Fraquezas
Identificadores relacionados
Produtos afetados
Userswp – Front-End Login Form