CVE-2026-57401 CRITICAL

CVE-2026-57401: WordPress SureDash plugin <= 1.8.0 - Arbitrary File Deletion vulnerability

Vendor Brainstorm Force
Product SureDash
Weakness CWE-22 · Path traversal
Published July 13, 2026
Last update July 13, 2026

CVSS base score

9.9/10
Attack vector Network
Attack complexity Low
Privileges required Low
User interaction None
Confidentiality High
Integrity High

CVSS vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

What the vulnerability does

01Description

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Brainstorm Force SureDash suredash allows Path Traversal.This issue affects SureDash: from n/a through <= 1.8.0.

Explanation of Vulnerability in Simple Terms

02Summary

SureDash versions 1.8.0 and earlier contain a path traversal vulnerability that allows authenticated users to read arbitrary files from the server. An attacker with low-level access can bypass directory restrictions and access sensitive files outside the intended application directory. This affects confidentiality, integrity, and availability of the system.

What an attacker can do

03Attacker Capabilities

Read, modify, or delete arbitrary files on the server outside the application directory.

Potential impact on your site

04Site Impact

Attackers with basic user accounts can access sensitive configuration files, database credentials, and other private data.

Conditions required to exploit

05Prerequisites

Attacker must have a low-privilege user account on the site; no user interaction required.

Key dates

06Disclosure timeline

July 13, 2026 CVE published

Related vulnerabilities

08Related CVE