CVE-2025-4946 – Vikinger WordPress Theme Arbitrary File Deletion Vulnerability

July 2, 2025

CVE ID : CVE-2025-4946

Published : July 2, 2025, 10:15 a.m. | 1 hour, 28 minutes ago

Description : The Vikinger theme for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the vikinger_delete_activity_media_ajax() function in all versions up to, and including, 1.9.32. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). Note: Requires Vikinger Media plugin to be installed and active.

Severity: 8.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-39362 – Mollie Payments for WooCommerce Missing Authorization

Next Article CVE-2025-2330 – Elementor WidgetKit WordPress Stored Cross-Site Scripting

Highlights

CVE-2025-3054 – WordPress WP User Frontend Pro Plugin Arbitrary File Upload Vulnerability

June 5, 2025

CVE ID : CVE-2025-3054

Published : June 5, 2025, 6:15 a.m. | 42 minutes ago

Description : The WP User Frontend Pro plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the upload_files() function in all versions up to, and including, 4.1.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site’s server which may make remote code execution possible. Please note that this requires the ‘Private Message’ module to be enabled and the Business version of the PRO software to be in use.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Full-Stack Techies vs Toptal: Which Is Better for React.js Outsourcing?

The AI productivity paradox in software engineering: Balancing efficiency and human skill retention

The impact of gray work on software development

CSS Intelligence: Speculating On The Future Of A Smarter Language

Your Roku has secret menus and screens – here’s how to unlock them

Add Paramount+, STARZ, and more to your Prime Video account for $0.99 a month – here’s how

My new favorite keychain accessory gives me 2TB of SSD storage instantly

HP’s latest OmniBook finally sold me on the 2-in-1 form factor (and it’s on sale)

Simplifying Stream Handling with Laravel’s resource Method

Simplifying Stream Handling with Laravel’s resource Method

Intelligent Parsing and Formatting of Names in PHP Applications

This Week in Laravel: Cursor Rules, Nightwatch Review, and Race Conditions

Microsoft confirms Windows 11 KB5060829 issues, but you can safely ignore it

Microsoft confirms Windows 11 KB5060829 issues, but you can safely ignore it

Hash Calculator – calculates around 50 cryptographic hashes of strings and files

Rilasciato Thunderbird 140 ESR: Un’attenzione alle esigenze aziendali

CVE-2025-4946 – Vikinger WordPress Theme Arbitrary File Deletion Vulnerability

Apache Tomcat and Camel Vulnerabilities Actively Exploited in The Wild

Grafana releases critical security update for Image Renderer plugin

As a golfer, this is the smartwatch I recommend most on the course

CVE-2025-4263 – PHPGurukul Online DJ Booking Management System SQL Injection Vulnerability

My new favorite iPhone portable charger has a magnetic superpower – and it’s cheap

OThink-R1: A Dual-Mode Reasoning Framework to Cut Redundant Computation in LLMs

CVE-2025-3054 – WordPress WP User Frontend Pro Plugin Arbitrary File Upload Vulnerability

Distribution Release: Wifislax 4.0

Is Chrome Copying Edge? ‘Omnibox Tools’ Bring Edge-Style Address Bar Shortcuts

A Coding Implementation for Advanced Multi-Head Latent Attention and Fine-Grained Expert Segmentation

CVE-2025-4946 – Vikinger WordPress Theme Arbitrary File Deletion Vulnerability

Related Posts