Primary

Context

BeeTeam368 Extensions Pro Directory Traversal Vulnerability Allowing Arbitrary File Deletion

Vulnerability

A directory traversal vulnerability has been identified in the BeeTeam368 Extensions Pro plugin for WordPress, affecting all versions through 2.3.4. The issue arises in the handle_live_fn() function, where improper validation allows authenticated attackers with Subscriber-level access or higher to manipulate files outside the intended directory. This vulnerability could be exploited to delete critical files such as wp-config.php, potentially leading to a complete takeover of the affected site.

Impact

Exploitation of this vulnerability allows for arbitrary file deletion, with the potential to delete critical WordPress files like wp-config.php, leading to a complete site takeover.

Remediation

Users are advised to update the BeeTeam368 Extensions Pro plugin to version 2.3.5 or later.

Added: Jun 28, 2025, 4:28 AM

Updated: Jun 28, 2025, 4:28 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

5.2

remediation

7.7

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

5.0

exploitability

5.2

remediation

7.7

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

BeeTeam368 Extensions Pro Directory Traversal Vulnerability Allowing Arbitrary File Deletion

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating