CVE-2018-25308 - BuddyPress Xprofile Custom Fields Type 2.6.3 Remote Code Execution
CVE ID :CVE-2018-25308 Published : April 29, 2026, 8:16 p.m. | 1 hour, 24 minutes ago Description :BuddyPress Xprofile Custom Fields Type 2.6.3 contains a remote code execution vulnerability that allows authenticated users to delete arbitrary files by manipulating unescaped POST parameters. At
ORIGINAL SOURCE →via CVE Feed Latest
ADVERTISEMENT
⚡ STAY AHEAD
Events like this, convergence-verified across 689 sources, land in your inbox every Sunday. Free.
GET THE SUNDAY BRIEFING →RELATED · cyber
- [CYBER] How I Built a DDoS Detection Engine for Nextcloud
- [CYBER] Copy Fail exploit lets 732 bytes hijack Linux systems and quietly grab root
- [CYBER] Building a DDoS Bouncer: Anomaly Detection with Python & Z-Score
- [CYBER] SWEAT protocol thwarts multi-million dollar exploit, restores user balances
- [CYBER] CVE-2026-7408 - SourceCodester Pizzafy Ecommerce System ajax.php save_menu sql injection
- [CYBER] CVE-2026-7407 - SourceCodester Pizzafy Ecommerce System Setting ajax.php save_settings sql injection