Goal Reached Thanks to every supporter — we hit 100%!

Goal: 1000 CNY · Raised: 1336 CNY

100%

CVE-2026-6070— WP-BusinessDirectory <= 4.0.1 - Unauthenticated Arbitrary File Deletion via Path Traversal via '_filename' Parameter

CVSS 9.1 · Critical EPSS 0.41% · P33

Affected Version Matrix 1

VendorProductVersion RangeStatus
cmsjunkieWP-BusinessDirectory – Business directory plugin for WordPress≤ 4.0.1affected
Get alerts for future matching vulnerabilitiesLog in to subscribe

I. Basic Information for CVE-2026-6070

Vulnerability Information

Have questions about the vulnerability? See if Shenlong's analysis helps!
View Shenlong Deep Dive ↗

Although we use advanced large model technology, its output may still contain inaccurate or outdated information.Shenlong tries to ensure data accuracy, but please verify and judge based on the actual situation.

Vulnerability Title
WP-BusinessDirectory <= 4.0.1 - Unauthenticated Arbitrary File Deletion via Path Traversal via '_filename' Parameter
Source: NVD (National Vulnerability Database)
Vulnerability Description
The WP-BusinessDirectory plugin for WordPress is vulnerable to Unauthenticated Arbitrary File Deletion in versions up to and including 4.0.1. This is due to insufficient path validation in the remove() method of the JBusinessDirectoryControllerUpload class. The task=upload.remove endpoint is accessible without authentication via the plugin's frontend routing system. The _filename parameter is accepted with RAW filter (no sanitization), and the helper function makePathFile() only normalizes directory separator characters without stripping path traversal sequences (../). When combined with the _path_type=2 parameter, which sets the base directory to the plugin's site folder, an attacker can supply a _filename value containing ../ sequences to traverse outside the plugin directory and call PHP's unlink() on arbitrary files — including wp-config.php, wp-config-backup.php, or other critical server files accessible to the web server process. This makes it possible for unauthenticated attackers to delete arbitrary files on the server.
Source: NVD (National Vulnerability Database)
CVSS Information
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Source: NVD (National Vulnerability Database)
Vulnerability Type
文件名或路径的外部可控制
Source: NVD (National Vulnerability Database)
Vulnerability Title
cmsjunkie WP-BusinessDirectory – Business directory plugin for WordPress 输入验证错误漏洞
Source: CNNVD (China National Vulnerability Database)
Vulnerability Description
cmsjunkie WP-BusinessDirectory – Business directory plugin for WordPress是cmsjunkie个人开发者的一款网站商业目录插件。 cmsjunkie WP-BusinessDirectory – Business directory plugin for WordPress 4.0.1及之前版本存在输入验证错误漏洞,该漏洞源于对remove()方法中路径验证不足,在JBusinessDirectoryControllerUpload类中
Source: CNNVD (China National Vulnerability Database)
CVSS Information
N/A
Source: CNNVD (China National Vulnerability Database)
Vulnerability Type
N/A
Source: CNNVD (China National Vulnerability Database)

Affected Products

VendorProductAffected VersionsCPESubscribe
cmsjunkieWP-BusinessDirectory – Business directory plugin for WordPress 0 ~ 4.0.1 -

II. Public POCs for CVE-2026-6070

#POC DescriptionSource LinkShenlong Link
AI-Generated POCPremium

No public POC found.

Login to generate AI POC

III. Intelligence Information for CVE-2026-6070

登录查看更多情报信息。

Patches & Fixes for CVE-2026-6070 (3)

News Coverage for CVE-2026-6070 (1)

IV. Related Vulnerabilities

V. Comments for CVE-2026-6070

No comments yet


Leave a comment