Skip to main content

Suredash CVE-2026-57401

| EUVDEUVD-2026-43473 CRITICAL
Path Traversal (CWE-22)
2026-07-13 Patchstack
9.9
CVSS 3.1 · Vendor: Patchstack
Share

Severity by source

Vendor (Patchstack) PRIMARY
9.9 CRITICAL
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H

Primary rating from Vendor (Patchstack) · only source for this CVE.

CVSS VectorVendor: Patchstack

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

2
Analysis Generated
Jul 13, 2026 - 10:59 vuln.today
CVE Published
Jul 13, 2026 - 08:41 cve.org
CRITICAL 9.9

DescriptionCVE.org

Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Brainstorm Force SureDash suredash allows Path Traversal.This issue affects SureDash: from n/a through <= 1.8.0.

AnalysisAI

Arbitrary file deletion via path traversal in the SureDash WordPress plugin (Brainstorm Force) affects all versions up to and including 1.8.0, allowing an authenticated low-privilege user to delete files outside the plugin's intended directory by supplying crafted pathnames. The Patchstack reference explicitly characterizes the flaw as arbitrary file deletion, meaning an attacker can remove critical files such as wp-config.php to disrupt the site or force a re-installation takeover. …

Unlock full vulnerability intelligence

  • Risk assessment & exploitation conditions
  • Attack chain visualization
  • Remediation with exact patch versions
  • Threat intelligence from 22 sources
  • Personal watchlist & email alerts

Free forever · No credit card required

Recommended ActionAI

Within 24 hours: immediately deactivate the SureDash plugin and restrict low-privilege user account creation or access to prevent exploitation. …

Sign in for detailed remediation steps and compensating controls.

Threat intelligence, references, and detailed analysis are available after sign-in.

Share

CVE-2026-57401 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy