{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-69376", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "state": "PUBLISHED", "assignerShortName": "Patchstack", "dateReserved": "2025-12-31T20:13:05.452Z", "datePublished": "2026-02-20T15:46:52.242Z", "dateUpdated": "2026-04-28T20:56:44.706Z"}, "containers": {"cna": {"affected": [{"collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected", "packageName": "wp-user-extra-fields", "product": "User Extra Fields", "vendor": "vanquish", "versions": [{"changes": [{"at": "17.1", "status": "unaffected"}], "lessThanOrEqual": "17.0", "status": "affected", "version": "0", "versionType": "custom"}]}], "credits": [{"lang": "en", "type": "finder", "value": "Phat RiO | Patchstack Bug Bounty Program"}], "datePublic": "2026-04-01T16:03:47.749Z", "descriptions": [{"lang": "en", "supportingMedia": [{"base64": false, "type": "text/html", "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanquish User Extra Fields wp-user-extra-fields allows Path Traversal.<p>This issue affects User Extra Fields: from n/a through <= 17.0.</p>"}], "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanquish User Extra Fields wp-user-extra-fields allows Path Traversal.This issue affects User Extra Fields: from n/a through <= 17.0."}], "impacts": [{"capecId": "CAPEC-126", "descriptions": [{"lang": "en", "value": "Path Traversal"}]}], "metrics": [{"cvssV3_1": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}, "format": "CVSS", "scenarios": [{"lang": "en", "value": "GENERAL"}]}], "problemTypes": [{"descriptions": [{"cweId": "CWE-22", "description": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "lang": "en", "type": "CWE"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-28T16:14:39.774Z"}, "references": [{"tags": ["vdb-entry"], "url": "https://patchstack.com/database/Wordpress/Plugin/wp-user-extra-fields/vulnerability/wordpress-user-extra-fields-plugin-17-0-arbitrary-file-deletion-vulnerability?_s_id=cve"}], "title": "WordPress User Extra Fields plugin <= 17.0 - Arbitrary File Deletion vulnerability"}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-02-26T18:57:03.721509Z", "id": "CVE-2025-69376", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-04-28T20:56:44.706Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "CHANGED", "version": "3.1", "baseScore": 8.6, "attackVector": "NETWORK", "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "integrityImpact": "NONE", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-69376", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-02-26T18:57:03.721509Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-02-26T18:57:18.832Z"}}], "cna": {"title": "WordPress User Extra Fields plugin <= 17.0 - Arbitrary File Deletion vulnerability", "credits": [{"lang": "en", "type": "finder", "value": "Phat RiO | Patchstack Bug Bounty Program"}], "impacts": [{"capecId": "CAPEC-126", "descriptions": [{"lang": "en", "value": "Path Traversal"}]}], "affected": [{"vendor": "vanquish", "product": "User Extra Fields", "versions": [{"status": "affected", "changes": [{"at": "17.1", "status": "unaffected"}], "version": "0", "versionType": "custom", "lessThanOrEqual": "17.0"}], "packageName": "wp-user-extra-fields", "collectionURL": "https://wordpress.org/plugins", "defaultStatus": "unaffected"}], "datePublic": "2026-04-01T16:03:47.749Z", "references": [{"url": "https://patchstack.com/database/Wordpress/Plugin/wp-user-extra-fields/vulnerability/wordpress-user-extra-fields-plugin-17-0-arbitrary-file-deletion-vulnerability?_s_id=cve", "tags": ["vdb-entry"]}], "descriptions": [{"lang": "en", "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanquish User Extra Fields wp-user-extra-fields allows Path Traversal.This issue affects User Extra Fields: from n/a through <= 17.0.", "supportingMedia": [{"type": "text/html", "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanquish User Extra Fields wp-user-extra-fields allows Path Traversal.<p>This issue affects User Extra Fields: from n/a through <= 17.0.</p>", "base64": false}]}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "21595511-bba5-4825-b968-b78d1f9984a3", "shortName": "Patchstack", "dateUpdated": "2026-04-01T14:13:25.470Z"}}}, "cveMetadata": {"cveId": "CVE-2025-69376", "state": "PUBLISHED", "dateUpdated": "2026-04-01T14:13:25.470Z", "dateReserved": "2025-12-31T20:13:05.452Z", "assignerOrgId": "21595511-bba5-4825-b968-b78d1f9984a3", "datePublished": "2026-02-20T15:46:52.242Z", "assignerShortName": "Patchstack"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal') vulnerability in vanquish User Extra Fields wp-user-extra-fields allows Path Traversal.This issue affects User Extra Fields: from n/a through <= 17.0."}, {"lang": "es", "value": "Limitaci\u00f3n Inadecuada de un Nombre de Ruta a un Directorio Restringido ('Salto de Ruta') vulnerabilidad en vanquish User Extra Fields wp-user-extra-fields permite el Salto de Ruta. Este problema afecta a User Extra Fields: desde n/a hasta &lt;= 17.0."}], "id": "CVE-2025-69376", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.6, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "NONE", "privilegesRequired": "NONE", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 4.0, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2026-02-20T16:22:22.003", "references": [{"source": "audit@patchstack.com", "url": "https://patchstack.com/database/Wordpress/Plugin/wp-user-extra-fields/vulnerability/wordpress-user-extra-fields-plugin-17-0-arbitrary-file-deletion-vulnerability?_s_id=cve"}], "sourceIdentifier": "audit@patchstack.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "audit@patchstack.com", "type": "Secondary"}]}

{}

{"affected": [{"configurations": [{"platform": null, "status": "affected", "versions": {"scheme": "generic", "value": "[0,17.0]"}}], "enrichment": {"confidence": 100.0, "confidence_source": "matching", "scores": [{"score": 100.0, "source": "matching"}]}, "original": {"product": "User Extra Fields", "source": "cna", "vendor": "vanquish"}, "product": "user_extra_fields", "vendor": "vanquish"}, {"configurations": [{"platform": null, "status": "unaffected", "versions": null}], "enrichment": {"confidence": 80.0, "confidence_source": "inferred", "scores": [{"score": 80.0, "source": "inferred"}, {"score": 100.0, "source": "matching"}]}, "product": "wordpress", "vendor": "wordpress"}], "analysis": {"en": {"generated_at": "2026-04-28T17:38:30.052099+00:00", "value": {"mitigation_remediation": ["Apply the latest update released by vanquish for the User Extra Fields plugin to address the path traversal flaw.", "Reconfigure the plugin to use a dedicated, non-sensitive upload directory and enforce strict file permissions so that the web server process cannot delete critical files.", "Implement a web application firewall rule that detects and blocks path traversal patterns, preventing malformed requests from reaching the plugin code."], "summary": {"action": "Patch Now", "impact": "Remote File Deletion"}, "threat_synthesis": {"affected_systems": "The vulnerability exists in all releases of the vanquish User Extra Fields plugin up to and including version 17.0. No other products or vendors are affected according to the CNA information.", "description_and_impact": "The Vanquish User Extra Fields WordPress plugin allows path traversal that can be used to delete arbitrary files on the hosting server. This flaw is a classic instance of CWE22, giving an attacker the ability to remove any file the web server process can access, potentially crippling site functionality or deleting sensitive data.", "risk_and_exploitability": "The CVSS score of 8.6 indicates a high severity attack with a large impact if exploited. The EPSS score of less than 1% suggests that attackers are unlikely to target this flaw at the moment, and it is not listed in CISA\u2019s KEV catalog. Nevertheless, the most likely attack vector is through the web interface or configuration files, where a user with CMS access can supply a malformed path to trigger the deletion. If exploited, the attacker can delete arbitrary files, leading to site downtime or data loss."}}}}, "created": "2026-02-23T14:37:17.466790+00:00", "updated": "2026-04-28T17:45:16.131233+00:00", "vendors": ["vanquish", "vanquish$PRODUCT$user_extra_fields", "wordpress", "wordpress$PRODUCT$wordpress"]}