CVE-2025-10916
FormGent < 1.0.4 - Unauthenticated Arbitrary File Deletion
Vexday Risk Score
28Bajo
Decisión SSVC (CISA)
Track
Sin señal de explotación → monitorear
CVSS 9.1EPSS 0.3%KEV nãoPoC —Nuclei —Metasploit —Patch —
Ciclo de vida
21 oct 2025Publicada en NVD
Recomendación: Monitorear — sin señal de explotación por ahora.
The FormGent WordPress plugin before 1.0.4 is vulnerable to arbitrary file deletion due to insufficient file path validation. This makes it possible for unauthenticated attackers to delete arbitrary files on the server.
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H
Productos afectados
Unknown · FormGent