Platform: wordpress
Component: vikinger
Fixed in: 1.9.33
CVE-2025-4946 is an arbitrary file deletion vulnerability affecting the Vikinger WordPress theme. This flaw allows authenticated users with Subscriber-level access or higher to delete arbitrary files on the server. Successful exploitation can lead to remote code execution, particularly if critical configuration files like wp-config.php are targeted. The vulnerability impacts versions 0.0.0 through 1.9.32 of the Vikinger theme and requires the Vikinger Media plugin to be installed and active.
The primary impact of CVE-2025-4946 is the potential for remote code execution (RCE). While the vulnerability requires authentication, the relatively low privilege level (Subscriber) makes it accessible to a significant portion of WordPress users. An attacker could delete critical files, such as wp-config.php, which contains sensitive database credentials and configuration settings. Deletion of this file would effectively disable the WordPress site and potentially allow the attacker to gain control of the database and server. The Vikinger Media plugin dependency expands the attack surface, as the vulnerability is tied to its functionality. The ease of file deletion, combined with the potential for RCE, makes this a high-risk vulnerability.
CVE-2025-4946 was publicly disclosed on 2025-07-02. As of this date, no public proof-of-concept (PoC) exploits have been released, but the vulnerability's ease of exploitation suggests that PoCs are likely to emerge. The EPSS score is likely to be medium due to the relatively low privilege requirement and potential for RCE. The vulnerability is not currently listed on the CISA KEV catalog.
Exploit Status
EPSS: 2.19% (84th percentile)
The primary mitigation for CVE-2025-4946 is to upgrade the Vikinger WordPress theme to a patched version. The vendor has not yet released a fixed version, so immediate action is required. As a temporary workaround, restrict file permissions on sensitive files like wp-config.php to prevent unauthorized access and modification. Consider implementing a Web Application Firewall (WAF) with rules to block suspicious file deletion requests targeting the vikingerdeleteactivitymediaajax() endpoint. Regularly review WordPress user roles and permissions to ensure that only authorized users have access to administrative functions. After upgrading, verify the integrity of the WordPress installation by checking for any unauthorized file modifications and confirming that the Vikinger Media plugin is functioning as expected.
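As an added example (not code from the advisory or from the Vikinger project), the check below reads the theme version from a constructed `style.css` header, compares it numerically against the affected range 0.0.0 through 1.9.32, and flags a `wp-config.php` mode that grants group or world access; the `assess` function and the sample header are assumptions for illustration.

```python
import re

# Affected range stated in the advisory: 0.0.0 through 1.9.32 (fixed in 1.9.33).
LAST_AFFECTED = (1, 9, 32)

def parse_version(version):
    """Turn '1.9.32' into (1, 9, 32) so comparison is numeric, not lexical
    (a string compare would wrongly rank '1.10.0' below '1.9.32')."""
    parts = version.strip().split(".")
    if not parts or not all(p.isdigit() for p in parts):
        raise ValueError(f"unrecognised version string: {version!r}")
    nums = tuple(int(p) for p in parts)
    return nums + (0,) * (3 - len(nums))  # pad '1.9' -> (1, 9, 0)

def theme_version_from_style_css(style_css):
    """Read the 'Version:' field from a WordPress theme's style.css header."""
    match = re.search(r"^\s*\*?\s*Version:\s*(\S+)", style_css, re.MULTILINE)
    if not match:
        raise ValueError("no Version header found in style.css")
    return match.group(1)

def is_affected(version):
    return parse_version(version) <= LAST_AFFECTED

def config_mode_is_restrictive(mode):
    """True when the mode grants nothing to group/other (e.g. 0o600, 0o400)."""
    return (mode & 0o077) == 0

# Constructed sample of a vikinger/style.css header (not the real theme file).
SAMPLE_STYLE_CSS = """\
/*
Theme Name: Vikinger
Version: 1.9.32
*/
"""

def assess(style_css=SAMPLE_STYLE_CSS, vikinger_media_active=True, wp_config_mode=0o644):
    """Combine the advisory's conditions into a list of findings (empty = nothing to do)."""
    version = theme_version_from_style_css(style_css)
    findings = []
    if is_affected(version) and vikinger_media_active:
        findings.append(f"Vikinger {version} with Vikinger Media active: "
                        "inside the CVE-2025-4946 affected range, upgrade to 1.9.33")
    if not config_mode_is_restrictive(wp_config_mode):
        findings.append(f"wp-config.php mode {wp_config_mode:o} allows group/other access")
    return findings

if __name__ == "__main__":
    for line in assess():
        print(line)
```

Deleting a file requires write access to its directory rather than to the file itself, so the mode check only adds protection where the WordPress root and `wp-config.php` are owned by a user other than the PHP worker.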
Update the Vikinger theme to a version later than 1.9.32 to mitigate the arbitrary file deletion vulnerability. Make sure the Vikinger Media plugin is also up to date. Check file and directory permissions to limit access and reduce the risk of exploitation.
CVE-2025-4946 is a HIGH severity vulnerability in the Vikinger WordPress theme allowing authenticated users to delete arbitrary files, potentially leading to remote code execution if critical files like wp-config.php are targeted. It affects versions 0.0.0–1.9.32.
You are affected if your WordPress site uses the Vikinger theme, specifically versions 0.0.0 through 1.9.32, and the Vikinger Media plugin is installed and active. Check your theme version immediately.
Upgrade the Vikinger WordPress theme to a patched version as soon as it becomes available. Until then, restrict file permissions and consider using a WAF to mitigate the risk.
While no public exploits have been released yet, the vulnerability's ease of exploitation suggests active exploitation is possible. Monitor your systems closely.
Check the official Vikinger WordPress theme website and the WordPress plugin repository for updates and advisories related to CVE-2025-4946.