CVE-2025-67846

Overview

AI description

Automated description summarized from trusted sources.

CVE-2025-67846 is an arbitrary file deletion vulnerability in the WordPress User Extra Fields plugin for WordPress. It stems from insufficient file path validation in the `save_fields()` function and affects all versions up to and including 16.7. Authenticated attackers with Subscriber-level access and above can delete arbitrary files on the server. This can potentially lead to remote code execution if critical files, such as `wp-config.php`, are deleted.


Social media

Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.

Hype score

19
