MeldSecurity
Press Enter to search
CVE Database & Search β†’
Sign In Get Started

CVE-2025-7641

πŸ”΄ HIGH

The Assistant for NextGEN Gallery plugin for WordPress is vulnerable to arbitrary directory deletion due to insufficient file path validation in the /wp-json/nextgenassistant/v1.0.0/control REST endpo...

Published
Aug 15, 2025
Last Modified
Aug 15, 2025
Views
9
Bookmarks
0

Description

Request Expert Review

The Assistant for NextGEN Gallery plugin for WordPress is vulnerable to arbitrary directory deletion due to insufficient file path validation in the /wp-json/nextgenassistant/v1.0.0/control REST endpoint in all versions up to, and including, 1.0.9. This makes it possible for unauthenticated attackers to delete arbitrary directories on the server, which can cause a complete loss of availability.

CVSS Scores

CVSS 3.1 7.5
7.5
HIGH
CVSS 2.0 7.5

References

plugins.trac.wordpress.org wordpress.org www.wordfence.com

Additional Information

Source
security@wordfence.com
State
Awaiting analysis

Related CVEs

CVE-2025-13237

HIGH

A security flaw has been discovered in itsourcecode Inventory Management System 1.0. Affected is an unknown function of the file /LogSignModal.PHP. Th...

Score: 7.3

CVE-2025-12482

HIGH

The Booking for Appointments and Events Calendar – Amelia plugin for WordPress is vulnerable to SQL Injection via the β€˜search’ parameter in all versio...

Score: 7.5

CVE-2025-13236

MEDIUM

A vulnerability was identified in itsourcecode Inventory Management System 1.0. This impacts an unknown function of the file /admin/products/index.php...

Score: 6.3

CVE-2025-13235

HIGH

A vulnerability was determined in itsourcecode Inventory Management System 1.0. This affects an unknown function of the file /admin/login.php. Executi...

Score: 7.3

CVE-2025-13234

MEDIUM

A vulnerability was found in itsourcecode Inventory Management System 1.0. The impacted element is an unknown function of the file /index.php?q=produc...

Score: 6.3

CVE-2025-13233

HIGH

A vulnerability has been found in itsourcecode Inventory Management System 1.0. The affected element is an unknown function of the file /index.php?q=s...

Score: 7.3

Share CVE-2025-7641

Share on Social Media

Copy Link

Embed Code

Request Expert Analysis

Request a professional security analysis for CVE-2025-7641 from our verified experts.

Credits System

Use your credits to get expert analysis from verified security professionals. Purchase more credits anytime!

Add 3 credits for accelerated delivery

Base Cost: 8 credits
Priority Upgrade: + credits
SLA Acceleration: +3 credits
Total Cost:
Your Balance:

Insufficient Credits

You need more credits to submit this request.

Buy Credits

Report Analysis