Skip to main content

Suredash

2 CVEs product

Monthly

CVE-2026-57401 CRITICAL Act Now

Arbitrary file deletion via path traversal in the SureDash WordPress plugin (Brainstorm Force) affects all versions up to and including 1.8.0, allowing an authenticated low-privilege user to delete files outside the plugin's intended directory by supplying crafted pathnames. The Patchstack reference explicitly characterizes the flaw as arbitrary file deletion, meaning an attacker can remove critical files such as wp-config.php to disrupt the site or force a re-installation takeover. No public exploit identified at time of analysis and the issue is not listed in CISA KEV, but the CVSS 9.9 rating reflects the low barrier to exploitation.

Path Traversal Suredash
NVD
CVSS 3.1
9.9
EPSS
0.5%
CVE-2026-54813 HIGH This Week

Blind SQL injection in Brainstorm Force SureDash WordPress plugin versions up to and including 1.8.0 allows authenticated low-privileged attackers to inject arbitrary SQL commands through unsanitized input. The scope-changed CVSS 8.5 score reflects that exploitation can impact resources beyond the vulnerable component, exposing sensitive WordPress database contents to remote attackers. No public exploit identified at time of analysis.

SQLi Suredash
NVD
CVSS 3.1
8.5
EPSS
0.2%
EPSS 1% CVSS 9.9
CRITICAL Act Now

Arbitrary file deletion via path traversal in the SureDash WordPress plugin (Brainstorm Force) affects all versions up to and including 1.8.0, allowing an authenticated low-privilege user to delete files outside the plugin's intended directory by supplying crafted pathnames. The Patchstack reference explicitly characterizes the flaw as arbitrary file deletion, meaning an attacker can remove critical files such as wp-config.php to disrupt the site or force a re-installation takeover. No public exploit identified at time of analysis and the issue is not listed in CISA KEV, but the CVSS 9.9 rating reflects the low barrier to exploitation.

Path Traversal Suredash
NVD
EPSS 0% CVSS 8.5
HIGH This Week

Blind SQL injection in Brainstorm Force SureDash WordPress plugin versions up to and including 1.8.0 allows authenticated low-privileged attackers to inject arbitrary SQL commands through unsanitized input. The scope-changed CVSS 8.5 score reflects that exploitation can impact resources beyond the vulnerable component, exposing sensitive WordPress database contents to remote attackers. No public exploit identified at time of analysis.

SQLi Suredash
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy