Wp Businessdirectory Business Directory Plugin For Wordpress
Monthly
Arbitrary file deletion in the WP-BusinessDirectory (Business Directory) plugin for WordPress (versions ≤ 4.0.1) lets unauthenticated remote attackers delete any file the web server can access, including wp-config.php. The flaw stems from the frontend-accessible task=upload.remove endpoint accepting an unsanitized _filename parameter that permits ../ path traversal. No public exploit is identified at time of analysis, but the CVSS 9.1 rating and trivial exploitation (network, no auth, no user interaction) make it high priority; deleting wp-config.php can force WordPress into its installer, enabling site takeover.
Arbitrary file deletion in the WP-BusinessDirectory (Business Directory) plugin for WordPress (versions ≤ 4.0.1) lets unauthenticated remote attackers delete any file the web server can access, including wp-config.php. The flaw stems from the frontend-accessible task=upload.remove endpoint accepting an unsanitized _filename parameter that permits ../ path traversal. No public exploit is identified at time of analysis, but the CVSS 9.1 rating and trivial exploitation (network, no auth, no user interaction) make it high priority; deleting wp-config.php can force WordPress into its installer, enabling site takeover.