DNA View

Critical Severity Vulnerability

This vulnerability has been rated as Critical severity. Immediate action is recommended.

CVE-2025-14829

Critical

Low Medium High Critical

9.1

CVSS Score

Published: Jan 13, 2026

Last Modified: Jan 13, 2026

Vulnerability Description

The E-xact | Hosted Payment | WordPress plugin through 2.0 is vulnerable to arbitrary file deletion due to insufficient file path validation. This makes it possible for unauthenticated attackers to delete arbitrary files on the server.

CVSS Metrics

Common Vulnerability Scoring System

Vector String:

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Attack Vector

Attack Complexity

Privileges Required

User Interaction

Scope

Confidentiality

Integrity

Availability

References & Resources

https://wpscan.com/vulnerability/872569bc-16fb-427f-accc-147f284137cd/
contact@wpscan.com

Severity Details

9.1

out of 10.0

Critical

Key Information

Published Date: January 13, 2026

External Resources

NIST NVD

National Vulnerability Database

CVE Details

Detailed vulnerability info

MITRE CVE

Official CVE record

CVE Vulnerabilities

Posts & Pages