Skip to main content

Bookpro

1 CVEs product

Monthly

CVE-2026-27400 HIGH This Week

Unauthenticated arbitrary file deletion in the OvaTheme BookPro WordPress plugin (versions ≤ 1.1.0) allows remote attackers to delete arbitrary files from the underlying server via a path traversal flaw (CWE-22). Deletion of critical files such as wp-config.php can force a WordPress site into the setup state, enabling site takeover, while the scope-changed CVSS 3.1 score of 8.6 (AV:N/AC:L/PR:N/UI:N/S:C/A:H) and Patchstack disclosure mark this as a high-priority issue despite no public exploit being identified at time of analysis.

Path Traversal Bookpro
NVD
CVSS 3.1
8.6
EPSS
0.5%
EPSS 1% CVSS 8.6
HIGH This Week

Unauthenticated arbitrary file deletion in the OvaTheme BookPro WordPress plugin (versions ≤ 1.1.0) allows remote attackers to delete arbitrary files from the underlying server via a path traversal flaw (CWE-22). Deletion of critical files such as wp-config.php can force a WordPress site into the setup state, enabling site takeover, while the scope-changed CVSS 3.1 score of 8.6 (AV:N/AC:L/PR:N/UI:N/S:C/A:H) and Patchstack disclosure mark this as a high-priority issue despite no public exploit being identified at time of analysis.

Path Traversal Bookpro
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy