CVE-2025-2932 – JKDEVKIT WordPress Arbitrary File Deletion Vulnerability

July 3, 2025

CVE ID : CVE-2025-2932

Published : July 3, 2025, 1:15 p.m. | 1 hour, 41 minutes ago

Description : The JKDEVKIT plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the ‘font_upload_handler’ function in all versions up to, and including, 1.9.4. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). If WooCommerce is enabled, attackers will need Contributor-level access and above.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-3702 – Melapress File Monitor Missing Authorization Vulnerability

Next Article CVE-2025-49032 – PublishPress Gutenberg Blocks Cross-Site Scripting (XSS)

Mirantis reveals Lens Prism, an AI copilot for operating Kubernetes clusters

Avoid these common platform engineering mistakes

Full-Stack Techies vs Toptal: Which Is Better for React.js Outsourcing?

The AI productivity paradox in software engineering: Balancing efficiency and human skill retention

Microsoft Gaming studios head Matt Booty says “overall portfolio strategy is unchanged” — with more than 40 games in production

Capcom reports that its Steam game sales have risen massively — despite flagship titles like Monster Hunter Wilds receiving profuse backlash from PC players

Cloudflare is fighting to safeguard “the future of the web itself” — standing directly in the way of leading AI firms

Microsoft reportedly lacks the know-how to fully leverage OpenAI’s tech — despite holding IP rights

PHP 8.5.0 Alpha 1 available for testing

PHP 8.5.0 Alpha 1 available for testing

Recording cross browser compatible media

Celebrating Perficient’s Third Databricks Champion

Microsoft Gaming studios head Matt Booty says “overall portfolio strategy is unchanged” — with more than 40 games in production

Microsoft Gaming studios head Matt Booty says “overall portfolio strategy is unchanged” — with more than 40 games in production

Capcom reports that its Steam game sales have risen massively — despite flagship titles like Monster Hunter Wilds receiving profuse backlash from PC players

Cloudflare is fighting to safeguard “the future of the web itself” — standing directly in the way of leading AI firms

CVE-2025-2932 – JKDEVKIT WordPress Arbitrary File Deletion Vulnerability

Critical Lucee Flaw (CVE-2025-34074, CVSS 9.4): Authenticated RCE Via Scheduled Task Abuse, Metasploit Module Out

Exposed JDWP Debug Ports Under Attack: Cryptominers Infiltrating Java Apps in Hours

CVE-2025-24015 – Deno AES-GCM Authentication Tag Validation Bypass

Windows 95 Testing Once Broke a Store’s Cash Register — Here’s Why

CVE-2025-3843 – Panhainan DS-Java CSRF Vulnerability

Rilasciato OpenSSL 3.5: Importanti aggiornamenti crittografici e novità per la sicurezza

CVE-2024-40114 – Sitecom WLX-2006 Wall Mount Range Extender XSS Language Cookie Manipulation

CVE-2025-47777 – 5ire Stored XSS and RCE Vulnerability

CVE-2024-6029 – Tesla Model S Iris Modem Firewall Bypass Vulnerability

10+ Best Free Invoice Templates for Freelance Designers & Developers

CVE-2025-2932 – JKDEVKIT WordPress Arbitrary File Deletion Vulnerability

Related Posts