File Deletion Vulnerability in WooMulti WordPress Plugin by WooMulti
CVE-2025-12835
Key Information:
Badges
What is CVE-2025-12835?
The WooMulti WordPress plugin, up to version 17, contains a security flaw that fails to validate the file parameter during file deletion processes. This oversight enables authenticated users, including those with subscriber-level access, to delete arbitrary files from the server. Such a vulnerability poses a significant risk of unauthorized file removal, potentially leading to data loss or server compromise. Website administrators are encouraged to implement immediate measures to mitigate this issue and ensure that user permissions are appropriately configured.
Affected Version(s)
WooMulti 0 <= 1.7
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate the vulnerability can be exploited. PoC code is also a key component for weaponization which could lead to ransomware.