WordPress User Extra Fields <= 16.6 Unauthenticated Arbitrary File Deletion

From this webpage screenshot, the following key vulnerability information can be obtained: 1. Vulnerability Name: WordPress User Extra Fields <= 16.6 - Unauthenticated Arbitrary File Deletion 2. Vulnerability Type: Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) 3. CVSS Score: 9.8 (Critical) 4. Public Release Date: November 12, 2024 5. Last Updated Date: November 13, 2024 6. Researcher: Chloe Chamberland - Wordfence 7. Affected Versions: <= 16.6 8. Fixed Version: 16.7 9. Vulnerability Description: The WordPress User Extra Fields plugin contains an unauthenticated arbitrary file deletion vulnerability. Due to insufficient validation of file paths in the function, unauthorized attackers can delete any file on the server, potentially leading to remote code execution. 10. Reference Link: codecanyon.net 11. Vulnerability Database: Wordfence Intelligence Vulnerability Database 12. Vulnerability Score: 9.8 (Critical) 13. Vulnerability Public Date: November 12, 2024 14. Vulnerability Update Date: November 13, 2024 15. Researcher: Chloe Chamberland - Wordfence 16. Affected Versions: <= 16.6 17. Fixed Version: 16.7 18. Vulnerability Description: The WordPress User Extra Fields plugin contains an unauthenticated arbitrary file deletion vulnerability. Due to insufficient validation of file paths in the function, unauthorized attackers can delete any file on the server, potentially leading to remote code execution. 19. Reference Link: codecanyon.net 20. Vulnerability Database: Wordfence Intelligence Vulnerability Database 21. Vulnerability Score: 9.8 (Critical) 22. Vulnerability Public Date: November 12, 2024 23. Vulnerability Update Date: November 13, 2024 24. Researcher: Chloe Chamberland - Wordfence 25. Affected Versions: <= 16.6 26. Fixed Version: 16.7 27. Vulnerability Description: The WordPress User Extra Fields plugin contains an unauthenticated arbitrary file deletion vulnerability. Due to insufficient validation of file paths in the function, unauthorized attackers can delete any file on the server, potentially leading to remote code execution. 28. Reference Link: codecanyon.net 29. Vulnerability Database: Wordfence Intelligence Vulnerability Database 30. Vulnerability Score: 9.8 (Critical) 31. Vulnerability Public Date: November 12, 2024 32. Vulnerability Update Date: November 13, 2024 33. Researcher: Chloe Chamberland - Wordfence 34. Affected Versions: <= 16.6 35. Fixed Version: 16.7 36. Vulnerability Description: The WordPress User Extra Fields plugin contains an unauthenticated arbitrary file deletion vulnerability. Due to insufficient validation of file paths in the function, unauthorized attackers can delete any file on the server, potentially leading to remote code execution. 37. Reference Link: codecanyon.net 38. Vulnerability Database: Wordfence Intelligence Vulnerability Database 39. Vulnerability Score: 9.8 (Critical) 40. Vulnerability Public Date: November 12, 2024 41. Vulnerability Update Date: November 13, 2024 42. Researcher: Chloe Chamberland - Wordfence 43. Affected Versions: <= 16.6 44. Fixed Version: 16.7 45. Vulnerability Description: The WordPress User Extra Fields plugin contains an unauthenticated arbitrary file deletion vulnerability. Due to insufficient validation of file paths in the function, unauthorized attackers can delete any file on the server, potentially leading to remote code execution. 46. Reference Link: codecanyon.net 47. Vulnerability Database: Wordfence Intelligence Vulnerability Database 48. Vulnerability Score: 9.8 (Critical) 49. Vulnerability Public Date: November 12, 2024 50. Vulnerability Update Date: November 13, 2024 51. Researcher: Chloe Chamberland - Wordfence 52. Affected Versions: <= 16.6 53. Fixed Version: 16.7 54. Vulnerability Description: The WordPress User Extra Fields plugin contains an unauthenticated arbitrary file deletion vulnerability. Due to insufficient validation of file paths in the function, unauthorized attackers can delete any file on the server, potentially leading to remote code execution. 55. Reference Link: codecanyon.net 56. Vulnerability Database: Wordfence Intelligence Vulnerability Database 57. Vulnerability Score: 9.8 (Critical) 58. Vulnerability Public Date: November 12, 2024 59. Vulnerability Update Date: November 13, 2024 60. Researcher: Chloe Chamberland - Wordfence 61. Affected Versions: <= 16.6 62. Fixed Version: 16.7 63. Vulnerability Description: The WordPress User Extra Fields plugin contains an unauthenticated arbitrary file deletion vulnerability. Due to insufficient validation of file paths in the function, unauthorized attackers can delete any file on the server, potentially leading to remote code execution. 64. Reference Link: codecanyon.net 65. Vulnerability Database: Wordfence Intelligence Vulnerability Database 66. Vulnerability Score: 9.8 (Critical) 67. Vulnerability Public Date: November 12, 2024 68. Vulnerability Update Date: November 13, 2024 69. Researcher: Chloe Chamberland - Wordfen

Goal Reached Thanks to every supporter — we hit 100%!

WordPress User Extra Fields <= 16.6 Unauthenticated Arbitrary File Deletion

More from this source