CVE-2025-3055 – WordPress User Frontend Pro File Deletion Vulnerability

June 5, 2025

CVE ID : CVE-2025-3055

Published : June 5, 2025, 6:15 a.m. | 59 minutes ago

Description : The WP User Frontend Pro plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_avatar_ajax() function in all versions up to, and including, 4.1.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).

Severity: 8.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-5639 – PHPGurukul Notice Board System SQL Injection Vulnerability

Next Article CVE-2025-3054 – WordPress WP User Frontend Pro Plugin Arbitrary File Upload Vulnerability

Highlights

CVE-2025-3521 – “WordPress Team Members Stored Cross-Site Scripting”

May 1, 2025

CVE ID : CVE-2025-3521

Published : May 1, 2025, 7:15 a.m. | 55 minutes ago

Description : The Team Members – Best WordPress Team Plugin with Team Slider, Team Showcase & Team Builder plugin for WordPress is vulnerable to Stored Cross-Site Scripting via Social Link icons in all versions up to, and including, 3.4.0 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with Contributor-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.

Severity: 6.4 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The Case For Minimal WordPress Setups: A Contrarian View On Theme Frameworks

How To Fix Largest Contentful Paint Issues With Subpart Analysis

How To Prevent WordPress SQL Injection Attacks

AI is currently in its teenage years, battling raging hormones

4 ways your organization can adapt and thrive in the age of AI

Google’s new Search tool turns financial info into interactive charts – how to try it

This rugged Android phone has something I’ve never seen on competing models

Anthropic’s new AI models for classified info are already in use by US gov

Handling PostgreSQL Migrations in Node.js

Handling PostgreSQL Migrations in Node.js

How to Add Product Badges in Optimizely Configured Commerce Spire

Salesforce Health Check Assessment Unlocks ROI

Microsoft: Run PS script now if you deleted “inetpub” on Windows 11, Windows 10

Microsoft: Run PS script now if you deleted “inetpub” on Windows 11, Windows 10

Spf Permerror Troubleshooting Guide For Better Email Deliverability Today

Amap – Gather Info in Easy Way

CVE-2025-3055 – WordPress User Frontend Pro File Deletion Vulnerability

Leadership, Trust, and Cyber Hygiene: NCSC’s Guide to Security Culture in Action

CISA Alert: Critical Vulnerabilities Found in CyberData SIP Emergency Intercom Devices

SuperLight Photonics partners with Precision Technologies to expand into Southeast Asia

Netflix Introduces Go-with-the-Flow: Motion-Controllable Video Diffusion Models Using Real-Time Warped Noise

Illicit crypto-miners pouncing on lazy DevOps configs that leave clouds vulnerable

CVE-2025-5231 – PHPGurukul Company Visitor Management System SQL Injection Vulnerability

CVE-2025-3521 – “WordPress Team Members Stored Cross-Site Scripting”

Perplexity is the AI tool Google wishes Gemini could be

The difference between a product and a project

AppFlowy is an open source alternative to Notion

CVE-2025-3055 – WordPress User Frontend Pro File Deletion Vulnerability

Related Posts