{"id":9409,"date":"2025-07-31T08:39:13","date_gmt":"2025-07-31T08:39:13","guid":{"rendered":"http:\/\/localhost\/?p=9409"},"modified":"2025-07-31T08:39:13","modified_gmt":"2025-07-31T08:39:13","slug":"ninjascanner-virus-malware-scan-325-authenticated-administrator-arbitrary-file-deletion","status":"publish","type":"post","link":"https:\/\/zero.redgem.net\/?p=9409","title":{"rendered":"NinjaScanner \u2013 Virus & Malware scan <= 3.2.5 - Authenticated (Administrator+) Arbitrary File Deletion"},"content":{"rendered":"
\n

CVE Details<\/h2>\n
\n
\n

Basic Information<\/h3>\n\n\n\n\n\n
Title<\/th>\nNinjaScanner \u2013 Virus & Malware scan <= 3.2.5 - Authenticated (Administrator+) Arbitrary File Deletion<\/td>\n<\/tr>\n
Type<\/th>\ncve<\/td>\n<\/tr>\n
Published<\/th>\n2025-07-31T12:24:43.148Z<\/td>\n<\/tr>\n
Modified<\/th>\n2025-07-31T13:10:56.349Z<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Product Information<\/h3>\n\n\n\n\n
Vendor<\/th>\nnintechnet<\/td>\n<\/tr>\n
Product<\/th>\nNinjaScanner \u2013 Virus & Malware scan<\/td>\n<\/tr>\n
Version<\/th>\n*<\/td>\n<\/tr>\n<\/table>\n<\/div>\n<\/div>\n
\n

CVSS Information<\/h3>\n\n\n\n
Base Score<\/th>\n7.2 (HIGH)<\/td>\n<\/tr>\n
Attack Vector<\/th>\nCVSS:3.1\/AV:N\/AC:L\/PR:H\/UI:N\/S:U\/C:H\/I:H\/A:H<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

AI Analysis<\/h3>\n\n\n\n\n\n\n
AI Description<\/th>\nThe NinjaScanner WordPress plugin is vulnerable to arbitrary file deletion due to insufficient file path validation. This allows authenticated attackers with Administrator access to delete files outside the WordPress root directory. This vulnerability affects all versions up to 3.2.5.<\/td>\n<\/tr>\n
AI Severity<\/th>\nHigh<\/td>\n<\/tr>\n
AI Vendor<\/th>\nWordPress Community<\/td>\n<\/tr>\n
AI Product<\/th>\nNinjaScanner<\/td>\n<\/tr>\n
AI Version<\/th>\nup to 3.2.5<\/td>\n<\/tr>\n<\/table>\n<\/div>\n
\n

Affected Products<\/h4>\n