CVE-2025-28980
BaseFortify
Publication date: 2025-07-04
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-28980 is a Path Traversal vulnerability in the WordPress plugin 'Aviation Weather from NOAA' (versions up to 0.7.2). It allows an attacker with subscriber-level privileges to perform arbitrary file deletion on the affected website. This means the attacker can delete important files, potentially causing the website to break or stop functioning properly. The vulnerability falls under the OWASP Top 10 category A3: Injection and has a high severity score of 7.7. [1]
How can this vulnerability impact me? :
This vulnerability can severely impact your website by allowing an attacker to delete core files, which can cause the website to malfunction or become completely inoperable. Since the plugin is abandoned with no official fix, the risk remains high unless mitigated by a virtual patch or by removing the plugin. Simply deactivating the plugin does not remove the security risk. In case of an attack, professional incident response and server-side malware scanning are recommended. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves monitoring for attempts to exploit arbitrary file deletion by users with subscriber-level privileges. Since the vulnerability allows path traversal leading to file deletion, network or system logs should be inspected for suspicious requests targeting file paths outside the intended directories. Professional incident response and server-side malware scanning are recommended for thorough detection, as plugin-based scanners may be unreliable. Specific commands are not provided in the resources. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying the virtual patch (vPatch) provided by Patchstack to block attacks exploiting this vulnerability until an official fix is released. If applying the virtual patch is not possible, users are strongly advised to remove and replace the vulnerable plugin altogether, as simply deactivating it does not eliminate the security risk. [1]