User Meta – User Profile Builder and User management plugin <= 3.1.2 – Authenticated (Subscriber+) Arbitrary File Deletion | CVE 2025-9693 | Plugin Vulnerabilities

Description

The User Meta – User Profile Builder and User management plugin plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the postInsertUserProcess function in all versions up to, and including, 3.1.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).

Affects Plugins

No known fix

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/d482f3a1-4a5a-4382-88b1-fd3b91605694

Classification

Type

LFI

OWASP top 10

CWE

CVSS

Miscellaneous

Original Researcher

Kishan Vyas

Verified

No

WPVDB ID

caae8cd6-93a6-40dd-b20e-4d45ec2f1c98

Timeline

Publicly Published

2025-09-10 (about 6 months ago)

Added

2025-09-10 (about 6 months ago)

Last Updated

2025-09-11 (about 6 months ago)

Other

Published

Title

Published

2025-01-16

Title

XLSXviewer <= 2.1.1 - Authenticated (Subscriber+) Arbitrary File Deletion

Published

2025-06-24

Title

FW Food Menu <= 6.0.0 - Unauthenticated Arbitrary File Deletion

Published

2024-05-13

Title

JCH Optimize < 4.2.1 - Authenticated (Subscriber+) Directory Traversal

Published

2015-07-07

Title

S3Bubble Amazon S3 Video And Audio Streaming With Analytics <= 2.0 - Arbitrary File Download

Published

2025-02-05

Title

Post and Page Builder by BoldGrid < 1.27.7 - Path Traversal to Authenticated (Contributor+) Arbitrary File Read via template_via_url Function