On June 21st, 2025, we received a submission for an Arbitrary File Deletion vulnerability in SureForms, a WordPress plugin with more than 200,000 active installations. This vulnerability makes it possible for unauthenticated threat actors to specify arbitrary file paths in a form submission, and the file will be deleted when the submission is deleted. It can be leveraged to delete critical files like wp-config.php, which can lead to remote code execution.
The post 200,000 WordPress Sites Affected by Arbitrary File Deletion Vulnerability in SureForms WordPress Plugin appeared first on Wordfence.
This article has been indexed from Blog – Wordfence
Read the original article: