Severity by source
AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Primary rating from Vendor (Patchstack) · only source for this CVE.
CVSS VectorVendor: Patchstack
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
2DescriptionCVE.org
Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in Brainstorm Force SureDash suredash allows Path Traversal.This issue affects SureDash: from n/a through <= 1.8.0.
AnalysisAI
Arbitrary file deletion via path traversal in the SureDash WordPress plugin (Brainstorm Force) affects all versions up to and including 1.8.0, allowing an authenticated low-privilege user to delete files outside the plugin's intended directory by supplying crafted pathnames. The Patchstack reference explicitly characterizes the flaw as arbitrary file deletion, meaning an attacker can remove critical files such as wp-config.php to disrupt the site or force a re-installation takeover. …
Unlock full vulnerability intelligence
- Risk assessment & exploitation conditions
- Attack chain visualization
- Remediation with exact patch versions
- Threat intelligence from 22 sources
- Personal watchlist & email alerts
Free forever · No credit card required
Recommended ActionAI
Within 24 hours: immediately deactivate the SureDash plugin and restrict low-privilege user account creation or access to prevent exploitation. …
Sign in for detailed remediation steps and compensating controls.
Threat intelligence, references, and detailed analysis are available after sign-in.
Same weakness CWE-22 – Path Traversal
View allSame technique Path Traversal
View allShare
External POC / Exploit Code
Leaving vuln.today
EUVD-2026-43473