What the vulnerability does
01Description
Contributor Arbitrary File Deletion in Meta Box – WordPress Custom Fields Framework <= 5.11.1 versions.
CVSS base score
CVSS vector
CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:N/I:N/A:H
What the vulnerability does
Contributor Arbitrary File Deletion in Meta Box – WordPress Custom Fields Framework <= 5.11.1 versions.
Explanation of Vulnerability in Simple Terms
Meta Box versions up to 5.11.1 contain a path traversal vulnerability that allows an attacker to cause the site to become unavailable. The vulnerability requires specific conditions to exploit but does not require authentication. Sites running affected versions should update immediately to restore availability.
What an attacker can do
Make the site unavailable by triggering a denial-of-service condition through path traversal.
Potential impact on your site
Your site may become unavailable until the plugin is updated or disabled.
Conditions required to exploit
Network access to the site; specific attack conditions must be met (high complexity).
Key dates
External resources
Related vulnerabilities