{"dataType": "CVE_RECORD", "dataVersion": "5.1", "cveMetadata": {"cveId": "CVE-2025-10916", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "state": "PUBLISHED", "assignerShortName": "WPScan", "dateReserved": "2025-09-24T14:00:49.975Z", "datePublished": "2025-10-21T06:00:06.764Z", "dateUpdated": "2025-10-21T14:08:34.703Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2025-10-21T06:00:06.764Z"}, "title": "FormGent < 1.0.4 - Unauthenticated Arbitrary File Deletion", "problemTypes": [{"descriptions": [{"description": "CWE-73 External Control of File Name or Path", "lang": "en", "type": "CWE"}]}], "affected": [{"vendor": "Unknown", "product": "FormGent", "versions": [{"status": "affected", "versionType": "semver", "version": "0", "lessThan": "1.0.4"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The FormGent WordPress plugin before 1.0.4 is vulnerable to arbitrary file deletion due to insufficient file path validation. This makes it possible for unauthenticated attackers to delete arbitrary files on the server."}], "references": [{"url": "https://wpscan.com/vulnerability/81c23998-1abb-495f-890a-79624a4cab9a/", "tags": ["exploit", "vdb-entry", "technical-description"]}], "credits": [{"lang": "en", "value": "Khaled Alenazi (Nxploited)", "type": "finder"}, {"lang": "en", "value": "WPScan", "type": "coordinator"}], "source": {"discovery": "EXTERNAL"}, "x_generator": {"engine": "WPScan CVE Generator"}}, "adp": [{"references": [{"url": "https://wpscan.com/vulnerability/81c23998-1abb-495f-890a-79624a4cab9a/", "tags": ["exploit"]}], "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"timestamp": "2025-10-21T13:41:56.903293Z", "id": "CVE-2025-10916", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-21T14:08:34.703Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"cvssV3_1": {"scope": "UNCHANGED", "version": "3.1", "baseScore": 9.1, "attackVector": "NETWORK", "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "integrityImpact": "HIGH", "userInteraction": "NONE", "attackComplexity": "LOW", "availabilityImpact": "HIGH", "privilegesRequired": "NONE", "confidentialityImpact": "NONE"}}, {"other": {"type": "ssvc", "content": {"id": "CVE-2025-10916", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "yes"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-10-21T13:41:56.903293Z"}}}], "references": [{"url": "https://wpscan.com/vulnerability/81c23998-1abb-495f-890a-79624a4cab9a/", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-21T13:42:00.215Z"}}], "cna": {"title": "FormGent < 1.0.4 - Unauthenticated Arbitrary File Deletion", "source": {"discovery": "EXTERNAL"}, "credits": [{"lang": "en", "type": "finder", "value": "Khaled Alenazi (Nxploited)"}, {"lang": "en", "type": "coordinator", "value": "WPScan"}], "affected": [{"vendor": "Unknown", "product": "FormGent", "versions": [{"status": "affected", "version": "0", "lessThan": "1.0.4", "versionType": "semver"}], "defaultStatus": "unaffected"}], "references": [{"url": "https://wpscan.com/vulnerability/81c23998-1abb-495f-890a-79624a4cab9a/", "tags": ["exploit", "vdb-entry", "technical-description"]}], "x_generator": {"engine": "WPScan CVE Generator"}, "descriptions": [{"lang": "en", "value": "The FormGent WordPress plugin before 1.0.4 is vulnerable to arbitrary file deletion due to insufficient file path validation. This makes it possible for unauthenticated attackers to delete arbitrary files on the server."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "description": "CWE-73 External Control of File Name or Path"}]}], "providerMetadata": {"orgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "shortName": "WPScan", "dateUpdated": "2025-10-21T06:00:06.764Z"}}}, "cveMetadata": {"cveId": "CVE-2025-10916", "state": "PUBLISHED", "dateUpdated": "2025-10-21T14:08:34.703Z", "dateReserved": "2025-09-24T14:00:49.975Z", "assignerOrgId": "1bfdd5d7-9bf6-4a53-96ea-42e2716d7a81", "datePublished": "2025-10-21T06:00:06.764Z", "assignerShortName": "WPScan"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The FormGent WordPress plugin before 1.0.4 is vulnerable to arbitrary file deletion due to insufficient file path validation. This makes it possible for unauthenticated attackers to delete arbitrary files on the server."}], "id": "CVE-2025-10916", "lastModified": "2025-10-21T19:31:25.450", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.1, "baseSeverity": "CRITICAL", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.2, "source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "type": "Secondary"}]}, "published": "2025-10-21T06:15:43.527", "references": [{"source": "contact@wpscan.com", "url": "https://wpscan.com/vulnerability/81c23998-1abb-495f-890a-79624a4cab9a/"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://wpscan.com/vulnerability/81c23998-1abb-495f-890a-79624a4cab9a/"}], "sourceIdentifier": "contact@wpscan.com", "vulnStatus": "Awaiting Analysis"}

{}