Roxnor EmailKit Missing Authorization Vulnerability Allowing Arbitrary Content Deletion

Vulnerability

A missing authorization vulnerability in the Roxnor EmailKit WordPress plugin, affecting versions through 1.6.0, allows for arbitrary content deletion. This issue arises from incorrectly configured access control security levels, which could enable a malicious actor to delete various types of content from a website, such as posts, pages, or media.

Impact

Exploitation of this vulnerability could lead to unauthorized deletion of content from the affected WordPress site, including posts, pages, or media files.

Added: Sep 26, 2025, 10:03 AM

Updated: Sep 26, 2025, 3:30 PM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

5.2

remediation

0.0

relevance

0.6

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

0.6

exploitability

5.2

remediation

0.0

relevance

0.6

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Roxnor EmailKit Missing Authorization Vulnerability Allowing Arbitrary Content Deletion

Vulnerability

Impact

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating