CVE-2025-12835

The WooMulti WordPress plugin through 17 does not validate a file parameter when deleting files, which could allow any authenticated users, such as subscriber to delete arbitrary files on the server.
ProviderTypeBase ScoreAtk. VectorAtk. ComplexityPriv. RequiredVector
NISTNIST
7.3 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
WPScanCNA
---
---
CISA-ADPADP
7.3 HIGH
NETWORK
LOW
LOW
CVSS:3.1/AV:N/AC:L/PR:L/UI:R/S:U/C:N/I:H/A:H
Awaiting analysis
This vulnerability is currently awaiting analysis.
Base Score
CVSS 3.x
EPSS Score
Percentile: Unknown
References
https://wpscan.com/vulnerability/1650ddac-04c7-47fa-b03e-bd0338243fcc/