Arbitrary File Deletion Vulnerability in FormGent WordPress Plugin
CVE-2025-10916
Currently unrated
Key Information:
Badges
👾 Exploit Exists🟡 Public PoC
What is CVE-2025-10916?
The FormGent WordPress plugin before version 1.0.4 has a security flaw that allows unauthenticated attackers to delete any file on the server due to a lack of proper file path validation. This vulnerability poses a severe risk, enabling malicious actors to compromise the integrity of the web application by removing critical files, which could lead to further exploits or unauthorized access.
Affected Version(s)
FormGent 0 < 1.0.4
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.