PT-2026-2350 · WordPress · E-Xact | Hosted Payment | Wordpress Plugin
Khaled Alenazi
·
Published
2026-01-13
·
Updated
2026-01-13
·
CVE-2025-14829
CVSS v3.1
9.1
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H |
Name of the Vulnerable Software and Affected Versions
E-xact | Hosted Payment | WordPress plugin versions through 2.0
Description
The E-xact | Hosted Payment | WordPress plugin through version 2.0 contains a flaw due to inadequate file path validation, allowing unauthenticated attackers to delete arbitrary files on the server. The vulnerability enables file deletion without requiring authentication.
Recommendations
Update E-xact | Hosted Payment | WordPress plugin to a version later than 2.0.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
E-Xact | Hosted Payment | Wordpress Plugin