Game Users Share Button

1 CVEs product

Monthly

Sort: Newest CVSS Score EPSS Score Oldest

CVE-2025-6755 HIGH This Week

The Game Users Share Buttons plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the ajaxDeleteTheme() function in all versions up to, and including, 1.3.0. This makes it possible for Subscriber-level attackers to add arbitrary file paths (such as ../../../../wp-config.php) to the themeNameId parameter of the AJAX request, which can lead to remote code execution.

RCE PHP WordPress Path Traversal Game Users Share Button

NVD

CVSS 3.1

8.8

EPSS

1.2%

CVE-2025-6755

EPSS 1% CVSS 8.8

HIGH This Week

The Game Users Share Buttons plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the ajaxDeleteTheme() function in all versions up to, and including, 1.3.0. This makes it possible for Subscriber-level attackers to add arbitrary file paths (such as ../../../../wp-config.php) to the themeNameId parameter of the AJAX request, which can lead to remote code execution.

RCE PHP WordPress +2

NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy