CVE-2025-67846

Published Dec 19, 2025

Last updated a month ago

WordPress

User Extra Fields

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-67846 refers to an arbitrary file deletion vulnerability found in the WordPress User Extra Fields plugin for WordPress. This vulnerability exists due to insufficient file path validation in the `save_fields()` function, affecting all versions up to and including 16.7. The vulnerability makes it possible for authenticated attackers with Subscriber-level access and above to delete arbitrary files on the server. This can potentially lead to remote code execution if critical files, such as `wp-config.php`, are deleted.

Description: The Deployment Infrastructure in Mintlify Platform before 2025-11-15 allows remote attackers to bypass security patches and execute downgrade attacks via predictable deployment identifiers on the Vercel preview domain. An attacker can identify the URL structure of a previous deployment that contains unpatched vulnerabilities. By browsing directly to the specific git-ref or deployment-id subdomain, the attacker can force the application to load the vulnerable version.
Source: cve@mitre.org
NVD status: Analyzed
CNA Tags: exclusively-hosted-service
Products: mintlify

Risk scores

CVSS 3.1

Type: Primary
Base score: 6.5
Impact score: 2.5
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:L/I:L/A:N
Severity: MEDIUM

Weaknesses

cve@mitre.org: CWE-472

Hype score: Not currently trending

Configurations

[
  {
    "nodes": [
      {
        "negate": false,
        "cpeMatch": [
          {
            "criteria": "cpe:2.3:a:mintlify:mintlify:*:*:*:*:*:*:*:*",
            "vulnerable": true,
            "matchCriteriaId": "4E599124-4B00-4D5C-ADB5-EC4564D3E5BF",
            "versionEndExcluding": "2025-11-15"
          }
        ],
        "operator": "OR"
      }
    ]
  }
]

References

Sources include official advisories and independent security research.