CVE-2025-26940 MEDIUM

CVE-2025-26940: WordPress Pie Register Premium plugin <= 3.8.3.2 - Path Traversal to Non-Arbitrary File Deletion vulnerability

Vendor Notfound
Product Pie Register Premium
Weakness CWE-35
Published March 15, 2025
Last update April 28, 2026

CVSS base score

6.3/10
Attack vector Network
Attack complexity High
Privileges required Low
User interaction None
Confidentiality None
Integrity None

CVSS vector

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:N/I:N/A:H

What the vulnerability does

01Description

Path Traversal vulnerability in NotFound Pie Register Premium. This issue affects Pie Register Premium: from n/a through 3.8.3.2.

Explanation of Vulnerability in Simple Terms

02Summary

Pie Register Premium versions up to 3.8.3.2 contain a vulnerability that allows an authenticated attacker with low privileges to cause a denial of service by disrupting site availability. The vulnerability requires high attack complexity and affects the broader system scope. No code execution or data breach occurs, but site operations can be impacted.

What an attacker can do

03Attacker Capabilities

Disrupt site availability and cause a denial of service affecting the broader system.

Potential impact on your site

04Site Impact

Site availability may be disrupted by an authenticated user with low privileges.

Conditions required to exploit

05Prerequisites

Attacker must have a low-privilege user account; no user interaction required.

Key dates

06Disclosure timeline

March 15, 2025 CVE published
April 28, 2026 Record updated