Primary

Context

BeeTeam368 Extensions WordPress Plugin Directory Traversal Vulnerability Allowing Arbitrary File Deletion

Vulnerability

A directory traversal vulnerability has been identified in the BeeTeam368 Extensions plugin for WordPress, affecting all versions through 2.3.4. The issue arises in the handle_remove_temp_file() function, where authenticated attackers with Subscriber-level access or higher can manipulate files outside the intended directory. This vulnerability could be exploited to delete critical files such as wp-config.php, potentially leading to a complete takeover of the affected site.

Impact

Exploitation of this vulnerability allows for absolute path traversal, enabling authenticated users to delete arbitrary files on the server. Notably, deleting the wp-config.php file can result in a full site takeover.

Remediation

Users are advised to update the BeeTeam368 Extensions WordPress plugin to version 2.3.5 or later.

Added: Jun 28, 2025, 4:30 AM

Updated: Jun 28, 2025, 4:30 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

5.2

remediation

7.7

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

5.2

remediation

7.7

relevance

0.2

threat

0.0

urgency

2.9

incentive

1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

BeeTeam368 Extensions WordPress Plugin Directory Traversal Vulnerability Allowing Arbitrary File Deletion

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating