- Description: The Image Resizer On The Fly plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'delete' task in all versions up to, and including, 1.1. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
- Source: security@wordfence.com
- NVD status: Awaiting Analysis
CVSS 3.1
- Type: Primary
- Base score: 9.1
- Impact score: 5.2
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
- Severity: CRITICAL
- security@wordfence.com
- CWE-22
- Hype score: Not currently trending
CVE-2025-6065 (CVSS:9.1, CRITICAL) is Awaiting Analysis. The Image Resizer On The Fly plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path..https://t.co/Pxv14j4Ekp #cybersecurityawareness #cybersecurity #CVE #infosec #hacker #nvd #mitre
@cracbot
19 Jun 2025
CVE-2025-6065 The Image Resizer On The Fly plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'delete' task in all versions… https://t.co/1pViXe8zc8
@CVEnew
14 Jun 2025
[CVE-2025-6065: CRITICAL] WordPress Image Resizer On The Fly plugin (up to v1.1) has a serious security flaw allowing unauthenticated attackers to delete files on the server, leading to potential remote code e...#cve,CVE-2025-6065,#cybersecurity https://t.co/Tfnwf1Ea6I https://t.
@CveFindCom
14 Jun 2025