CVE-2025-9048 – WordPress Wptobe-memberships Plugin File Deletion Vulnerability

August 23, 2025

CVE ID : CVE-2025-9048

Published : Aug. 23, 2025, 5:15 a.m. | 19 hours, 54 minutes ago

Description : The Wptobe-memberships plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the del_img_ajax_call() function in all versions up to, and including, 3.4.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).

Severity: 8.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-7841 – Sertifier Certificate & Badge Maker for WordPress – Tutor LMS Cross-Site Request Forgery (CSRF)

Next Article CVE-2025-7842 – Silencesoft RSS Reader Plugin CSRF Vulnerability

A Week In The Life Of An AI-Augmented Designer

This week in AI updates: Gemini Code Assist Agent Mode, GitHub’s Agents panel, and more (August 22, 2025)

Microsoft adds Copilot-powered debugging features for .NET in Visual Studio

Blackstone portfolio company R Systems Acquires Novigo Solutions, Strengthening its Product Engineering and Full-Stack Agentic-AI Capabilities

Google Pixel 10 Pro vs. iPhone 16 Pro: I’ve used both handsets, and there’s a clear winner

Master these 48 Windows keyboard shortcuts and finish work early

Why the Pixel 10 is making this longtime iPhone user reconsider their next phone

Google Pixel 10 Pro Fold vs. Samsung Galaxy Z Fold 7: I compared both Androids, and here’s the winner

PERFIXION 2025: Powering AI Ideas

PERFIXION 2025: Powering AI Ideas

MongoDB Data Types

Building Cross-Platform Alerts with Laravel’s Notification Framework

Gears of War returns, Helldivers 2 jumps ship, and Xbox players win big — Xbox’s Aug 25–31 lineup proves the console war is getting interesting again

Gears of War returns, Helldivers 2 jumps ship, and Xbox players win big — Xbox’s Aug 25–31 lineup proves the console war is getting interesting again

Reports say Windows 11 update is bricking drives — is yours on the list?

Razer finally remembered I don’t live in China, so now we can all get this cool Gengar gaming headset

CVE-2025-9048 – WordPress Wptobe-memberships Plugin File Deletion Vulnerability

Malicious Go Module Poses as SSH Brute-Force Tool, Steals Credentials via Telegram Bot

CVE-2025-8208 – Spexo Addons for Elementor WordPress Stored Cross-Site Scripting

CVE-2025-20136 – Cisco Secure Firewall ASA/FTD DNS Inspection NAT Loop Denial of Service (DoS) Vulnerability

New Pixel 9a update limits its battery to extend its life – how it works

WiseMapping – web-based mind mapping tool

GitHub Advisory Database by the numbers: Known security vulnerabilities and what you can do about them

The Cryptography Handbook: Exploring RSA PKCSv1.5, OAEP, and PSS

Microsoft brings AI model building to macOS with new Foundry tool

Streamline personalization development: How automated ML workflows accelerate Amazon Personalize implementation

Top 5 Scariest Zombie Botnets

CVE-2025-9048 – WordPress Wptobe-memberships Plugin File Deletion Vulnerability

Related Posts