PT-2026-32991 · WordPress · Eleganzo
Published 2026-04-14 · Updated 2026-04-15
CVE-2025-15470
CVSS v3.1: 6.5 (Medium)
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:N
Name of the Vulnerable Software and Affected Versions
Eleganzo theme for WordPress versions prior to 1.3
Description
Insufficient path validation in the akd required plugin callback() function allows authenticated attackers with Subscriber-level access or higher to delete arbitrary directories on the server, which may include the WordPress root directory.
Recommendations
Update to a version later than 1.2.
As a temporary workaround, restrict access to the akd required plugin callback() function to minimize the risk of exploitation.
Fix
Path traversal
Weakness Enumeration
Related Identifiers
Affected Products
Eleganzo