PT-2026-56916 · Stiofansisland · Userswp – Front-End Login Form

Daroo

·

Publicado

2026-07-09

·

Atualizado

2026-07-09

·

CVE-2026-13492

CVSS v3.1

8.8

Alta

VetorAV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
The UsersWP plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 1.2.65. This is due to insufficient validation of file-field values in the UsersWP Validation::validate fields() function (which falls through to sanitize text field() for fields of type 'file', leaving directory-traversal sequences intact) combined with the UsersWP Forms::upload file remove() AJAX handler building the deletion target from the uploads basedir concatenated with the attacker-controlled metadata value without any realpath canonicalization or uploads-directory boundary check before calling unlink(). This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the affected site's server, including wp-config.

Correção

Path traversal

Encontrou algum problema na descrição? Tem algo a acrescentar? Fique à vontade para nos escrever 👾

Enumeração de Fraquezas

Identificadores relacionados

CVE-2026-13492

Produtos afetados

Userswp – Front-End Login Form