CVE-2025-3812

HIGH Year: 2025
CVSS v3 Score
8.1
High
Weakness Type
CWE-73
View all →

Vulnerability Description

The WPBot Pro Wordpress Chatbot plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the qcld_openai_delete_training_file() function in all versions up to, and including, 13.6.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).

Related Vulnerabilities

CVE-2023-3256

HIGH
CVSS:8.1(High)

Advantech R-SeeNet versions 2.4.22 allows low-level users to access and load the content of local files.

CWE-732023

CVE-2023-32615

HIGH
CVSS:8.1(High)

A file write vulnerability exists in the OAS Engine configuration functionality of Open Automation Software OAS Platform v18.00.0072. A specially crafted series of network requests can lead to arbitra...

CWE-732023

CVE-2024-10361

HIGH
CVSS:8.1(High)

An arbitrary file deletion vulnerability exists in danny-avila/librechat version v0.7.5-rc2, specifically within the /api/files endpoint. This vulnerability arises from improper input validation, allo...

CWE-732024

CVE-2024-20652

HIGH
CVSS:8.1(High)

Windows HTML Platforms Security Feature Bypass Vulnerability

CWE-732024

CVE-2024-28826

HIGH
CVSS:8.1(High)

Improper restriction of local upload and download paths in check_sftp in Checkmk before 2.3.0p4, 2.2.0p27, 2.1.0p44, and in Checkmk 2.0.0 (EOL) allows attackers with sufficient permissions to configur...

CWE-732024

CVE-2024-38049

HIGH
CVSS:8.1(High)

Windows Distributed Transaction Coordinator Remote Code Execution Vulnerability

CWE-732024