CVE-2025-7712
BaseFortify
Publication date: 2025-07-17
Last updated on: 2025-07-17
Assigner: Wordfence
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wordpress | madara | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Madara - Core plugin for WordPress, where the function wp_manga_delete_zip() does not properly validate file paths. This flaw allows unauthenticated attackers to delete arbitrary files on the server by exploiting the insufficient path validation. Deleting critical files like wp-config.php can lead to further severe consequences such as remote code execution.
How can this vulnerability impact me?
The vulnerability can allow attackers to delete important files on your server without authentication. This can disrupt your website's functionality and potentially allow attackers to execute remote code if they delete files like wp-config.php, leading to full server compromise.