Product

BuddyPress Xprofile Custom Fields Type

1 brief RSS

BuddyPress Xprofile Custom Fields Type 2.6.3 Remote Code Execution via Arbitrary File Deletion

CVE-2018-25308 is a remote code execution vulnerability in BuddyPress Xprofile Custom Fields Type 2.6.3 that allows authenticated users to delete arbitrary files on the server by manipulating POST parameters.

BuddyPress Xprofile Custom Fields Type rce file-deletion wordpress

2r 1t 1c 5d ago