Back to CVE List

CVE-2026-12979

MEDIUM SEVERITY

CVSS Score & Metrics

Base Score
5.5 / 10
Vector String
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:N/I:L/A:L

Vulnerability Description

The FunnelKit WordPress plugin before 3.15.0.6 does not validate a user-supplied path before deleting a file during a template-import operation, allowing users with administrator privileges to delete arbitrary .json files outside the intended directory through path traversal, which can disable other FunnelKit WordPress plugin before 3.15.0.6 or (denial of service).

Vulnerability Details

Published Date
Last Modified
CWE ID
CWE-73
Source
NVD
Vendor
Unknown
Product
FunnelKit

External References

Discussion (0)

Add Comment

No comments yet. Be the first!