e-xact-hosted-payment

9.1 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H

Description

The E-xact | Hosted Payment | WordPress plugin through 2.0 is vulnerable to arbitrary file deletion due to insufficient file path validation. This makes it possible for unauthenticated attackers to delete arbitrary files on the server.

AI Analysis

Unauthenticated arbitrary file deletion vulnerability due to insufficient file path validation

Basic Information

ID CVE-2025-14829

Source WPScan

Published Jan 13, 2026 at 06:00

Modified Jan 13, 2026 at 14:40

Affected Product

Vendor Unknown

Product E-xact | Hosted Payment |

Affected Versions Unknown E-xact | Hosted Payment | 0

CWE Classification

AI Assessment

AI Score 9.1 / 10

AI Severity Critical

Vendor E-xact

Product E-xact Hosted Payment WordPress plugin

Version 2.0

References

wpscan.com /vulnerability/872569bc-16fb-427f-accc-147f284137cd/

{
    "lastseen": "",
    "description": "The E-xact | Hosted Payment | WordPress plugin through 2.0 is vulnerable to arbitrary file deletion due to insufficient file path validation. This makes it possible for unauthenticated attackers to delete arbitrary files on the server.",
    "published": "2026-01-13T06:00:07.538Z",
    "modified": "2026-01-13T14:40:18.145Z",
    "type": "cve",
    "title": "e-xact-hosted-payment <= 2.0 - Unauthenticated Arbitrary File Deletion",
    "source": "WPScan",
    "references": "https://wpscan.com/vulnerability/872569bc-16fb-427f-accc-147f284137cd/",
    "id": "CVE-2025-14829",
    "bulletinFamily": "",
    "cwe": [
        ""
    ],
    "cvelist": null,
    "sourceData": "Unknown E-xact | Hosted Payment | 0",
    "sourceHref": "",
    "cvss": {
        "score": 9.1,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "E-xact | Hosted Payment |",
    "version": "0",
    "vendor": "Unknown",
    "ai_description": "Unauthenticated arbitrary file deletion vulnerability due to insufficient file path validation",
    "ai_severity": "Critical",
    "ai_vendor": "E-xact",
    "ai_product": "E-xact Hosted Payment WordPress plugin",
    "ai_version": "2.0",
    "ai_score": 9.1
}

e-xact-hosted-payment <= 2.0 - Unauthenticated Arbitrary File Deletion_CVE-2025-14829