CVE-2025-7778 – WordPress Icons Factory Plugin Arbitrary File Deletion Vulnerability

August 15, 2025

CVE ID : CVE-2025-7778

Published : Aug. 15, 2025, 9:15 a.m. | 14 hours, 53 minutes ago

Description : The Icons Factory plugin for WordPress is vulnerable to Arbitrary File Deletion due to insufficient authorization and improper path validation within the delete_files() function in all versions up to, and including, 1.6.12. This makes it possible for unauthenticated attackers to to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-9023 – Tenda AC7/AC18 Buffer Overflow in formSetSchedLed

Next Article CVE-2025-6679 – Bit Form for WordPress Remote File Upload Vulnerability

Highlights

CVE-2025-6738 – Huija Bicycle Sharing Server SQL Injection Vulnerability

June 26, 2025

CVE ID : CVE-2025-6738

Published : June 27, 2025, 1:15 a.m. | 19 minutes ago

Description : A vulnerability, which was classified as critical, has been found in huija bicycleSharingServer up to 7b8a3ba48ad618604abd4797d2e7cf3b5ac7625a. Affected by this issue is the function userDao.selectUserByUserNameLike of the file UserServiceImpl.java. The manipulation of the argument Username leads to sql injection. The attack may be launched remotely. The exploit has been disclosed to the public and may be used. This product is using a rolling release to provide continious delivery. Therefore, no version details for affected nor updated releases are available.

Severity: 6.3 | MEDIUM

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

The Psychology Of Color In UX Design And Digital Products

This week in AI dev tools: Claude Sonnet 4’s larger context window, ChatGPT updates, and more (August 15, 2025)

Sentry launches MCP monitoring tool

10 Benefits of Hiring a React.js Development Company (2025–2026 Edition)

I flew Insta360’s new ‘Antigravity’ drone around Los Angeles, and it was impossible to miss a shot

The $100 open-ear headphones that made me forget about my Shokz

5 quick and simple ways to greatly improve the quality of your headphones

Installing a UPS battery backup saved my work PC – here’s the full story

Minesweeper game in 100 lines of pure JavaScript – easy tutorial

Minesweeper game in 100 lines of pure JavaScript – easy tutorial

Maintaining Data Consistency with Laravel Database Transactions

Building a Multi-Step Form With Laravel, Livewire, and MongoDB

5 Best VPN for Lenovo Laptops to Enjoy the Web Safely

5 Best VPN for Lenovo Laptops to Enjoy the Web Safely

3 Best Antivirus and Malware Protection Software

11 Best Antivirus Without Ads

CVE-2025-7778 – WordPress Icons Factory Plugin Arbitrary File Deletion Vulnerability

CVE-2025-49895 – PluginBuddy.Com ServerBuddy CSRF Object Injection Vulnerability

CVE-2025-3671 – “WordPress Gym Management System – Local File Inclusion Vulnerability”

CVE-2025-30973 – Codexpert, Inc CoSchool LMS Deserialization of Untrusted Data Object Injection

Can Artificial Intelligence Replace Humans?

DeaDBeeF 1.10 Release Brings New Features

CVE-2025-6159 – Code-Projects Hostel Management System SQL Injection Vulnerability

CVE-2025-6738 – Huija Bicycle Sharing Server SQL Injection Vulnerability

Microsoft Offers Six-Month Security Updates for Exchange and Skype Beyond 2025

CVE-2025-20996 – Samsung Smart Switch Authorization Bypass

CVE-2025-47642 – Ajar Productions Ajar in5 Embed Unrestricted File Upload Vulnerability

CVE-2025-7778 – WordPress Icons Factory Plugin Arbitrary File Deletion Vulnerability

Related Posts