What the vulnerability does
01Description
The BeeTeam368 Extensions plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.3.4 via the handle_remove_temp_file() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform actions on files outside of the originally intended directory. This vulnerability can be used to delete the wp-config.php file, which can be leveraged into a site takeover.
Explanation of Vulnerability in Simple Terms
02Summary
BeeTeam368 Extensions versions 2.3.4 and earlier contain a vulnerability allowing authenticated users with low privileges to read sensitive data, modify site content, or disrupt service. The flaw requires network access and a valid user account but no additional user interaction. All three impact categories are affected, making this a high-severity issue for any site running the affected extension.
What an attacker can do
03Attacker Capabilities
Read sensitive data, modify content, or disrupt service availability on the site.
Potential impact on your site
04Site Impact
Any authenticated user can compromise confidentiality, integrity, and availability of your site.
Conditions required to exploit
05Prerequisites
Attacker must have a low-privilege user account on the site; network access required.
Key dates
06Disclosure timeline
June 28, 2025
CVE published
April 8, 2026
Record updated