Descrição
The Envolve Plugin plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 1.0 via the ‘zetra_deleteLanguageFile’ and ‘zetra_deleteFontsFile’ functions. This is due to the plugin not properly validating a file or its path prior to deleting it. This makes it possible for unauthenticated attackers to delete language files.
Software
Não informado
Tipo Software
Plugin
CVE
CVE-2024-11615
Tags
Nâo informado
Data de publicação
05/05/2025
Última atualização
06/05/2025
Pontuação em CVSS 3.0
5.3
Médio