- Description: The Attachment Manager plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the handle_actions() function in all versions up to, and including, 2.1.2. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).
- Source: security@wordfence.com
- NVD status: Received
CVSS 3.1
- Type: Primary
- Base score: 9.1
- Impact score: 5.2
- Exploitability score: 3.9
- Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
- Severity: CRITICAL
- security@wordfence.com: CWE-22
CVE-2025-7643 Unauthenticated Arbitrary File Deletion in WordPress Attachment Manager Plugin https://t.co/tSWLUtDRFJ
@VulmonFeeds
18 Jul 2025
CVE-2025-7643 The Attachment Manager plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the handle_actions() function in all ve… https://t.co/eah0nrP16N
@CVEnew
18 Jul 2025
[CVE-2025-7643: CRITICAL] WordPress Attachment Manager plugin (up to v2.1.2) has a vulnerability allowing unauthenticated attackers to delete files on the server, risking remote code execution. #cve,CVE-2025-7643,#cybersecurity https://t.co/IOiI7xdMRv https://t.co/vK8VphlJ50
@CveFindCom
18 Jul 2025