Back to CVE List

CVE-2025-8213

Vulnerability Description

The NinjaScanner – Virus & Malware scan plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'nscan_ajax_quarantine' and 'nscan_quarantine_select' functions in all versions up to, and including, 3.2.5. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, including files outside the WordPress root directory.

Vulnerability Details

Published Date
Last Modified
Source
NVD

Discussion (0)

Add Comment

No comments yet. Be the first!