CVE-2019-14206

Name of the Vulnerable Software and Affected Versions Nevma Adaptive Images plugin versions prior to 0.6.67

Description The issue allows remote attackers to delete arbitrary files via the adaptive-images-settings parameter in adaptive-images-script.php. This is achieved by exploiting the $REQUEST['adaptive-images-settings'] parameter.

Recommendations For versions prior to 0.6.67, update to version 0.6.67 or later to resolve the issue. As a temporary workaround, consider restricting access to the adaptive-images-script.php file until a patch is available. Avoid using the adaptive-images-settings parameter in the affected API endpoint until the issue is resolved.