CVE-2025-14675

Name of the Vulnerable Software and Affected Versions Meta Box versions prior to 5.11.2

Description The Meta Box plugin for WordPress is susceptible to arbitrary file deletion. This is due to inadequate file path validation within the ajax delete file function. Authenticated attackers possessing Contributor-level access or higher can delete arbitrary files on the server. Deletion of specific files, such as wp-config.php, could lead to remote code execution.

Recommendations Update Meta Box to version 5.11.2 or later.