From 63a16e4461c9495dcb0937433b99e4e1909af468 Mon Sep 17 00:00:00 2001
From: Maarten Bruna <14947039+ictbeheer@users.noreply.github.com>
Date: Tue, 10 Mar 2026 12:00:55 +0100
Subject: [PATCH] Improve GHSA-m4q3-832v-44j6
---
 .../GHSA-m4q3-832v-44j6.json | 28 +++++++++++++++++--
 1 file changed, 26 insertions(+), 2 deletions(-)
diff --git a/advisories/unreviewed/2026/03/GHSA-m4q3-832v-44j6/GHSA-m4q3-832v-44j6.json b/advisories/unreviewed/2026/03/GHSA-m4q3-832v-44j6/GHSA-m4q3-832v-44j6.json
index 224235e2685d3..2745fb210fb6c 100644
--- a/advisories/unreviewed/2026/03/GHSA-m4q3-832v-44j6/GHSA-m4q3-832v-44j6.json
+++ b/advisories/unreviewed/2026/03/GHSA-m4q3-832v-44j6/GHSA-m4q3-832v-44j6.json
@@ -1,11 +1,12 @@
 {
 "schema_version": "1.4.0",
 "id": "GHSA-m4q3-832v-44j6",
- "modified": "2026-03-07T09:30:14Z",
+ "modified": "2026-03-07T09:30:21Z",
 "published": "2026-03-07T09:30:14Z",
 "aliases": [
 "CVE-2025-14675"
 ],
+ "summary": "Meta Box <= 5.11.1 - Authenticated (Contributor+) Arbitrary File Deletion",
 "details": "The Meta Box plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'ajax_delete_file' function in all versions up to, and including, 5.11.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).",
 "severity": [
 {
@@ -13,7 +14,30 @@
 "score": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"
 }
 ],
- "affected": [],
+ "affected": [
+ {
+ "package": {
+ "ecosystem": "Packagist",
+ "name": "wpmetabox/meta-box"
+ },
+ "ranges": [
+ {
+ "type": "ECOSYSTEM",
+ "events": [
+ {
+ "introduced": "0"
+ },
+ {
+ "fixed": "5.11.2"
+ }
+ ]
+ }
+ ],
+ "database_specific": {
+ "last_known_affected_version_range": "<= 5.11.1"
+ }
+ }
+ ],
 "references": [
 {
 "type": "ADVISORY",
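Review bot: The added `summary` says "Authenticated (Contributor+)", matching the Contributor-level wording in `details`, but the unchanged `score` line shown as context in the second hunk carries `PR:H`. In CVSS 3.1, `PR:H` describes privileges that give significant, administrator-like control, which a WordPress Contributor role does not normally have, so the new summary and the existing vector appear to disagree. Please check the vector against the CVE-2025-14675 record and note in the PR whether `PR:H` is intentional, since consumers that triage on the score will rank this lower than the summary suggests. The advisory object continues beyond both hunks, so other fields were not checked.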
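Review bot: The new `affected` entry states the upper bound twice, once as the `fixed` event `5.11.2` and once as `database_specific.last_known_affected_version_range` `<= 5.11.1`, and only the second is backed by the `details` text. Nothing visible in this patch shows that 5.11.2 contains the fix, so the `fixed` value looks inferred from the next version number. If the vendor changelog confirms it, keep `"fixed": "5.11.2"`, drop the `database_specific` block, and add the changelog or fixing commit to `references`. Otherwise keep only the last-known-affected range, so that scanners do not report 5.11.2 as safe on an assumption. It is also worth confirming that Packagist `wpmetabox/meta-box` version numbers track the plugin's own releases.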