PT-2025-28803 · WordPress · Support Board

Friderika Baranyai · Published 2025-07-08 · Updated 2026-04-08 · CVE-2025-4828

CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Support Board plugin for WordPress versions prior to 3.8.1
Description: The Support Board plugin for WordPress is susceptible to arbitrary file deletion due to inadequate file path validation within the sb file delete function. This flaw allows attackers to delete arbitrary files on the server, potentially leading to remote code execution if critical files, such as wp-config.php, are targeted. Exploitation of this issue does not require authentication.
Recommendations: Update the Support Board plugin to version 3.8.1 or later.
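
The path validation whose absence the description refers to can be sketched as below. This is an added example, not Support Board's code or its 3.8.1 patch; the function name `delete_within`, the directory layout and the file names in the demo are assumptions made for illustration.

```php
<?php
// Added example: hypothetical helper, not Support Board code.
// Deletes a file only if it resolves to a regular file inside $baseDir.
function delete_within(string $baseDir, string $requested): bool
{
    $base = realpath($baseDir);
    if ($base === false || !is_dir($base)) {
        return false;
    }
    // Reject empty names, NUL bytes and absolute paths before touching the filesystem.
    if ($requested === '' || strpos($requested, "\0") !== false
        || $requested[0] === '/' || $requested[0] === '\\'
        || preg_match('/^[A-Za-z]:/', $requested)) {
        return false;
    }
    // realpath() resolves "..", "." and symlinks; false means the target does not exist.
    $target = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($target === false) {
        return false;
    }
    // Containment check on the resolved path. The trailing separator keeps
    // a sibling such as "/uploads-old" from matching the prefix "/uploads".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return false;
    }
    // Only regular files are eligible; directories are never removed here.
    return is_file($target) && unlink($target);
}

// Constructed demo tree: an uploads directory with a config file beside it.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'delete_demo_' . bin2hex(random_bytes(4));
mkdir($root . '/uploads', 0700, true);
file_put_contents($root . '/wp-config.php', "<?php // constructed stand-in\n");
file_put_contents($root . '/uploads/chat.txt', "constructed attachment\n");

// First call names a file inside uploads; second tries to climb out of it.
var_dump(delete_within($root . '/uploads', 'chat.txt'));
var_dump(delete_within($root . '/uploads', '../wp-config.php'));
var_dump(file_exists($root . '/wp-config.php'));

// Clean up the constructed tree.
unlink($root . '/wp-config.php');
rmdir($root . '/uploads');
rmdir($root);
```

In a WordPress request handler this check belongs alongside an authentication and capability check rather than in place of one, since the advisory states the flaw is reachable without authentication.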

Fix

RCE

Path traversal

Weakness Enumeration

Related Identifiers: CVE-2025-4828

Affected Products: Support Board