CVE 9.1 CRITICAL

FormGent < 1.0.4 - Unauthenticated Arbitrary File Deletion_CVE-2025-10916

October 21, 2025 invoker category_cve

9.1 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Description

The FormGent WordPress plugin before 1.0.4 is vulnerable to arbitrary file deletion due to insufficient file path validation. This makes it possible for unauthenticated attackers to delete arbitrary files on the server.

AI Analysis

Unauthenticated arbitrary file deletion vulnerability in FormGent WordPress plugin due to insufficient file path validation

Basic Information

ID CVE-2025-10916

Source WPScan

Published Oct 21, 2025 at 06:00

Modified Oct 21, 2025 at 14:08

Affected Product

Vendor Unknown

Product FormGent

Affected Versions Unknown FormGent 0

CWE Classification

AI Assessment

AI Score 9.1 / 10

AI Severity Critical

Vendor Unknown

Product FormGent

Version < 1.0.4

References

wpscan.com /vulnerability/81c23998-1abb-495f-890a-79624a4cab9a/

{
    "lastseen": "",
    "description": "The FormGent  WordPress plugin before 1.0.4 is vulnerable to arbitrary file deletion due to insufficient file path validation. This makes it possible for unauthenticated attackers to delete arbitrary files on the server.",
    "published": "2025-10-21T06:00:06.764Z",
    "modified": "2025-10-21T14:08:34.703Z",
    "type": "cve",
    "title": "FormGent < 1.0.4 - Unauthenticated Arbitrary File Deletion",
    "source": "WPScan",
    "references": "https://wpscan.com/vulnerability/81c23998-1abb-495f-890a-79624a4cab9a/",
    "id": "CVE-2025-10916",
    "bulletinFamily": "",
    "cwe": [
        ""
    ],
    "cvelist": null,
    "sourceData": "Unknown FormGent 0",
    "sourceHref": "",
    "cvss": {
        "score": 9.1,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "FormGent",
    "version": "0",
    "vendor": "Unknown",
    "ai_description": "Unauthenticated arbitrary file deletion vulnerability in FormGent WordPress plugin due to insufficient file path validation",
    "ai_severity": "Critical",
    "ai_vendor": "Unknown",
    "ai_product": "FormGent",
    "ai_version": "< 1.0.4",
    "ai_score": 9.1
}

💭 Join the Security Discussion ❌ Cancel Reply