{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-14675", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-12-13T16:53:02.153Z", "datePublished": "2026-03-07T07:22:02.665Z", "dateUpdated": "2026-04-08T16:32:54.494Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:32:54.494Z"}, "affected": [{"vendor": "metabox", "product": "Meta Box", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "5.11.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Meta Box plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'ajax_delete_file' function in all versions up to, and including, 5.11.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php)."}], "title": "Meta Box <= 5.11.1 - Authenticated (Contributor+) Arbitrary File Deletion", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/036467de-95bb-4bfd-9522-df8dc17f3102?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset/3475210/meta-box#file3"}, {"url": "https://plugins.trac.wordpress.org/browser/meta-box/tags/5.11.0/inc/fields/file.php#L30"}, {"url": "https://plugins.trac.wordpress.org/browser/meta-box/tags/5.11.0/inc/fields/file.php#L54"}, {"url": "https://github.com/wpmetabox/meta-box/pull/1654"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "cweId": "CWE-22", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.2, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "JongHwan Shin"}], "timeline": [{"time": "2025-12-17T16:22:11.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2026-03-06T19:09:12.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-03-09T17:34:19.136183Z", "id": "CVE-2025-14675", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-09T18:29:17.732Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-14675", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2026-03-09T17:34:19.136183Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-03-09T17:34:24.700Z"}}], "cna": {"title": "Meta Box <= 5.11.1 - Authenticated (Contributor+) Arbitrary File Deletion", "credits": [{"lang": "en", "type": "finder", "value": "JongHwan Shin"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 7.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "metabox", "product": "Meta Box", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "5.11.1"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-12-17T16:22:11.000Z", "value": "Vendor Notified"}, {"lang": "en", "time": "2026-03-06T19:09:12.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/036467de-95bb-4bfd-9522-df8dc17f3102?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset/3475210/meta-box#file3"}, {"url": "https://plugins.trac.wordpress.org/browser/meta-box/tags/5.11.0/inc/fields/file.php#L30"}, {"url": "https://plugins.trac.wordpress.org/browser/meta-box/tags/5.11.0/inc/fields/file.php#L54"}, {"url": "https://github.com/wpmetabox/meta-box/pull/1654"}], "descriptions": [{"lang": "en", "value": "The Meta Box plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'ajax_delete_file' function in all versions up to, and including, 5.11.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php)."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:32:54.494Z"}}}, "cveMetadata": {"cveId": "CVE-2025-14675", "state": "PUBLISHED", "dateUpdated": "2026-04-08T16:32:54.494Z", "dateReserved": "2025-12-13T16:53:02.153Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2026-03-07T07:22:02.665Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Meta Box plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'ajax_delete_file' function in all versions up to, and including, 5.11.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php)."}, {"lang": "es", "value": "El plugin Meta Box para WordPress es vulnerable a la eliminaci\u00f3n arbitraria de archivos debido a una validaci\u00f3n insuficiente de la ruta de archivo en la funci\u00f3n 'ajax_delete_file' en todas las versiones hasta la 5.11.1, inclusive. Esto hace posible que atacantes autenticados, con acceso de nivel Colaborador o superior, eliminen archivos arbitrarios en el servidor, lo que puede conducir f\u00e1cilmente a la ejecuci\u00f3n remota de c\u00f3digo cuando se elimina el archivo correcto (como wp-config.php)."}], "id": "CVE-2025-14675", "lastModified": "2026-04-22T21:27:27.950", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2026-03-07T08:16:05.963", "references": [{"source": "security@wordfence.com", "url": "https://github.com/wpmetabox/meta-box/pull/1654"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/meta-box/tags/5.11.0/inc/fields/file.php#L30"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/meta-box/tags/5.11.0/inc/fields/file.php#L54"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3475210/meta-box#file3"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/036467de-95bb-4bfd-9522-df8dc17f3102?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "semver", "value": "[0,5.11.1]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "Meta Box", "source": "cna", "vendor": "metabox"}, "product": "meta_box", "vendor": "metabox"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-04-22T15:23:47.924851+00:00", "value": {"mitigation_remediation": ["Upgrade the Meta Box plugin to version 5.11.2 or later, which removes the file\u2011path validation flaw.", "Reduce or remove the file\u2011deletion capability for Contributor and lower roles so that only administrators can trigger ajax_delete_file.", "Add additional server\u2011side validation to confirm that any file deletion request references a path within the approved uploads directory, denying deletions outside that scope."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The affected product is the Meta Box plugin (metabox:Meta Box) for WordPress. All releases up to and including version 5.11.1 are vulnerable. No other plugin versions are mentioned.", "description_and_impact": "The Meta Box plugin for WordPress is impacted by a flaw that permits authenticated users with Contributor or higher permissions to delete arbitrary files on the server. The vulnerability is caused by inadequate validation of file paths in the ajax_delete_file function. If an attacker can remove critical files such as wp-config.php, the deletion can facilitate remote code execution or other destructive actions.", "risk_and_exploitability": "With a CVSS score of 7.2 the flaw is considered moderate to high severity, but the EPSS score is low (<1%) indicating that exploitation is unlikely at present. The flaw is not listed in the CISA KEV catalog. Exploitation requires a logged\u2011in user with Contributor or higher privileges who can access the plugin\u2019s AJAX endpoint to issue a file deletion request. The attack relies on insufficient path validation, and the damage is confined to the server's file system, potentially allowing full compromise if attackers target core files."}}}}, "created": "2026-03-09T10:05:44.358812+00:00", "updated": "2026-04-22T15:30:20.776330+00:00", "vendors": ["metabox", "metabox$PRODUCT$meta_box", "wordpress", "wordpress$PRODUCT$wordpress"]}