Platform
wordpress
Component
eleganzo
Fixed in
1.2.1
1.3
CVE-2025-15470 is a medium-severity vulnerability affecting the Eleganzo WordPress theme. It allows authenticated users (Subscriber level and above) to delete arbitrary directories on the server due to insufficient path validation. This vulnerability impacts versions up to 1.2 and is resolved in version 1.3. Users are advised to upgrade immediately.
An attacker exploiting CVE-2025-15470 can leverage their subscriber-level access to delete arbitrary directories on the server. This includes the potential to delete the WordPress root directory, effectively crippling the website. While not a direct remote code execution vulnerability, the ability to delete critical files can have a devastating impact, leading to data loss, website downtime, and potential compromise of the underlying server. The blast radius encompasses all files and directories accessible to the vulnerable function.
CVE-2025-15470 was published on 2026-04-15. Its exploitation probability is currently unknown. Public proof-of-concept (POC) code is not yet available. Monitor security advisories and vulnerability databases for updates.
Exploit status
EPSS
0.04% (12th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-15470 is to upgrade the Eleganzo WordPress theme to version 1.3 or later. If upgrading is not immediately possible, restrict file system permissions to prevent subscriber-level users from deleting files. Implement a Web Application Firewall (WAF) rule to block requests containing malicious directory deletion attempts. Monitor server logs for unusual file deletion activity. After upgrading, verify the fix by attempting to delete a test directory with a subscriber-level account.
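The description attributes the flaw to insufficient path validation before a directory is deleted. The PHP below is an added example, not code from the Eleganzo theme or its 1.3 fix; the function name `resolve_deletable_dir` and the demo directory names are hypothetical. It shows the containment check a deletion routine needs: resolve the requested name with `realpath()` and accept it only if it lies strictly inside an allowed base directory.

```php
<?php
// Added illustration: hypothetical helper, not code from the Eleganzo theme.
// Returns the resolved directory only if it is a real directory strictly
// inside $baseDir; returns null for anything else.
// A WordPress handler would additionally gate the action on a capability
// check (current_user_can()); omitted so this runs without WordPress.
function resolve_deletable_dir(string $baseDir, string $requested): ?string
{
    $base = realpath($baseDir);
    if ($base === false || $requested === '' || strpos($requested, "\0") !== false) {
        return null;
    }
    // realpath() collapses "..", "." and symlinks, so the comparison below is
    // made on the location that would actually be removed.
    $target = realpath($base . DIRECTORY_SEPARATOR . $requested);
    if ($target === false || !is_dir($target)) {
        return null;
    }
    // Require a separator after the base so "/base-sibling" does not match
    // "/base", and so the base directory itself is rejected.
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return null;
    }
    return $target;
}

// Constructed demo tree under the system temp directory.
$root = sys_get_temp_dir() . DIRECTORY_SEPARATOR . 'path-demo-' . bin2hex(random_bytes(4));
mkdir($root . '/allowed/cache', 0700, true);
mkdir($root . '/allowed-sibling', 0700, true);

$base = $root . '/allowed';
// Constructed inputs: one legitimate name, then values that must be refused.
foreach (['cache', '.', '..', '../', '../allowed-sibling', '/etc', 'missing'] as $input) {
    $resolved = resolve_deletable_dir($base, $input);
    printf("%-22s => %s\n", var_export($input, true), $resolved ?? 'REJECTED');
}

// Remove the demo tree.
rmdir($root . '/allowed/cache');
rmdir($root . '/allowed');
rmdir($root . '/allowed-sibling');
rmdir($root);
```

Only `cache` resolves to a path; every other input is rejected because it resolves to the base itself, to a location outside the base, or to nothing.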
Upgrade to version 1.3 or a newer patched version
CVE-2025-15470 is a medium-severity vulnerability in the Eleganzo WordPress theme that allows authenticated users to delete arbitrary directories on the server, potentially leading to complete compromise.
You are affected if you are using the Eleganzo WordPress theme version 1.2 or earlier. Upgrade to version 1.3 to mitigate the risk.
Upgrade the Eleganzo WordPress theme to version 1.3 or later. As a temporary workaround, restrict file system access for WordPress users with Subscriber roles.
Currently, there are no publicly known active campaigns exploiting CVE-2025-15470, but the vulnerability's severity warrants prompt patching.
Refer to the Eleganzo theme developer's website or the WordPress plugin repository for the latest advisory and update information.