CVE-2025-6989 – Kallyas WordPress Arbitrary Folder Deletion

July 28, 2025

CVE ID : CVE-2025-6989

Published : July 26, 2025, 8:15 a.m. | 2 days, 15 hours ago

Description : The Kallyas theme for WordPress is vulnerable to arbitrary folder deletion due to insufficient file path validation in the delete_font() function in all versions up to, and including, 4.21.0. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete arbitrary folders on the server.

Severity: 8.1 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-8184 – D-Link DIR-513 HTTP POST Request Handler Stack-Based Buffer Overflow Vulnerability

Next Article CVE-2025-8180 – Tenda CH22 Buffer Overflow Vulnerability

Highlights

CVE-2025-52902 – Apache File Browser Stored XSS Vulnerability

June 26, 2025

CVE ID : CVE-2025-52902

Published : June 26, 2025, 3:15 p.m. | 1 hour, 51 minutes ago

Description : File Browser provides a file managing interface within a specified directory and it can be used to upload, delete, preview, rename and edit files. The Markdown preview function of File Browser prior to v2.33.7 is vulnerable to Stored Cross-Site-Scripting (XSS). Any JavaScript code that is part of a Markdown file uploaded by a user will be executed by the browser. Version 2.33.7 contains a fix for the issue.

Severity: 7.6 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Web Components: Working With Shadow DOM

Google’s new Opal tool allows users to create mini AI apps with no coding required

Designing Better UX For Left-Handed People

This week in AI dev tools: Gemini 2.5 Flash-Lite, GitLab Duo Agent Platform beta, and more (July 25, 2025)

Microsoft wants you to chat with its browser now – but can you trust this Copilot?

I tested the Dell XPS’ successor – here are the biggest upgrades (and what’s the same)

I’m a Linux pro – here are my top 5 command line backup tools for desktops and servers

Should you buy a refurbished iPad? I tried one from Back Market and here’s my verdict

elegantweb/sanitizer

elegantweb/sanitizer

Streamlined String Encryption with Laravel’s Fluent Methods

Resume PHP

Gamers bypass UK age verification with Death Stranding — no real face or VPN required

Gamers bypass UK age verification with Death Stranding — no real face or VPN required

New Xbox games launching this week, from July 28 through August 3 — Grounded 2 arrives on Xbox Game Pass

TikTok’s owner forked Microsoft’s Visual Studio Code and concerns have been raised — reports suggest it’s resource heavy and never stops ‘phoning home’

CVE-2025-6989 – Kallyas WordPress Arbitrary Folder Deletion

Tea Dating Advice app spills sensitive data

Critical Flaws in Niagara Framework Threaten Smart Buildings and Industrial Systems Worldwide

How Title Tags Help you to Rank On SERPs

8 Venture Firms in Cybersecurity Making Big Moves in 2025

CVE-2025-4391 – WordPress Echo RSS Feed Post Generator Arbitrary File Upload Vulnerability

Extract Metadata from Images in the Browser Using JavaScript and EXIF

CVE-2025-52902 – Apache File Browser Stored XSS Vulnerability

T-Mobile will give you the iPhone 16e for free with no trade-in – here’s how to get one

Community News: Latest PEAR Releases (05.26.2025)

CVE-2025-6566 – Oatpp Oat++ JSON DeserializeArray Stack-Based Buffer Overflow Vulnerability

CVE-2025-6989 – Kallyas WordPress Arbitrary Folder Deletion

Related Posts