CVE-2025-10916
BaseFortify
Publication date: 2025-10-21
Last updated on: 2025-10-21
Assigner: WPScan
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| formgent | formgent | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The FormGent WordPress plugin versions before 1.0.4 have a vulnerability that allows unauthenticated attackers to delete arbitrary files on the server. This happens because the plugin does not properly validate file paths when handling file deletion requests. Attackers can exploit this by sending a specially crafted DELETE HTTP request with a base64-encoded file token that points to sensitive files, such as the WordPress configuration file, causing them to be deleted. [1]
How can this vulnerability impact me? :
This vulnerability can have a severe impact by allowing attackers to delete critical files on your server without authentication. For example, deleting the WordPress configuration file can disrupt your website's functionality, cause data loss, and potentially lead to a complete site outage. This can result in downtime, loss of user trust, and additional recovery costs. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by sending a DELETE HTTP request to the endpoint `/wp-json/formgent/responses/attachments` with a JSON payload containing a base64-encoded file token representing a sensitive file path. For example, using curl: `curl -X DELETE -H "Content-Type: application/json" -d '{"file_token":"Li4vLi4vLi4vd3AtY29uZmlnLnBocA=="}' http://example.com/wp-json/formgent/responses/attachments -v`. A successful detection attempt returns an HTTP 204 No Content response, indicating the file deletion endpoint is vulnerable. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to update the FormGent WordPress plugin to version 1.0.4 or later, where the vulnerability has been fixed. Additionally, restricting access to the vulnerable endpoint and monitoring for suspicious DELETE requests can help reduce risk until the update is applied. [1]