Skip to main content
CVE-2025-12673 CRITICAL Act Now

The Flex QR Code Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the update_qr_code() function in all versions up to, and including, 1.2.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.

File Upload WordPress RCE
NVD GitHub
CVSS 3.1
9.8
EPSS
0.2%
CVE-2025-13377 CRITICAL PATCH Act Now

The 10Web Booster - Website speed optimization, Cache & Page Speed optimizer plugin for WordPress is vulnerable to arbitrary folder deletion due to insufficient file path validation in the get_cache_dir_for_page_from_url() function in all versions up to, and including, 2.32.7. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary folders on the server, which can easily lead to a loss of data or a denial of service condition.

Path Traversal WordPress Denial Of Service 10web Booster PHP
NVD
CVSS 3.1
9.6
EPSS
0.1%

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy