AivahThemes Hostme Path Traversal Vulnerability Allowing Arbitrary File Deletion

Vulnerability

A path traversal vulnerability has been identified in the AivahThemes Hostme WordPress theme, in version 2 through version 7.0. This vulnerability allows unauthorized users to traverse the file system and potentially delete arbitrary files from the server. Such file deletion could disrupt the functionality of the website, especially if core files are removed.

Impact

Exploitation of this vulnerability could lead to unauthorized deletion of files from the website, with the potential to disrupt site functionality by removing essential core files.

Remediation

Users are advised to update to a version of the Hostme theme that is greater than 7.0. For those using Patchstack, a mitigation rule has been issued to block attacks targeting this vulnerability.
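
A check for the remediation advice above, as an added example that is not part of the original advisory or of the theme's code: it reads each installed theme's style.css header and reports Hostme installs at or below 7.0. The directory names and sample headers are constructed, matching on a "Theme Name" header containing "Hostme" is an assumption, and every version up to 7.0 is treated as affected.

```python
import re
import tempfile
from pathlib import Path

LAST_AFFECTED = (7,)  # advisory: affected through 7.0 (trailing zeros stripped)

def read_header(css, field):
    """Read one header field the way WordPress does: first 8 KiB of style.css."""
    head = css.read_bytes()[:8192].decode("utf-8", errors="replace")
    m = re.search(rf"^[ \t/*#@]*{re.escape(field)}:(.*)$", head, re.I | re.M)
    value = m.group(1).strip(" \t*/\r") if m else ""
    return value or None

def version_key(text):
    """'7.0' -> (7,), '7.0.1' -> (7, 0, 1); None when no leading number."""
    m = re.match(r"\d+(?:\.\d+)*", text or "")
    if not m:
        return None
    trimmed = re.sub(r"(?:\.0+)+$", "", m.group(0))  # 7.0.0 compares equal to 7.0
    return tuple(int(p) for p in trimmed.split("."))

def audit_themes(themes_dir):
    """Return [(directory, version, status)] for installed Hostme parent themes."""
    findings = []
    for css in sorted(Path(themes_dir).glob("*/style.css"), key=lambda p: p.parent.name):
        name = read_header(css, "Theme Name") or ""
        # Child themes carry a Template header and their own version; skip them.
        if "hostme" not in name.lower() or read_header(css, "Template"):
            continue
        raw = read_header(css, "Version")
        key = version_key(raw)
        status = "unknown" if key is None else "affected" if key <= LAST_AFFECTED else "updated"
        findings.append((css.parent.name, raw, status))
    return findings

def build_sample(root):
    """Constructed sample install; directory names and versions are made up."""
    samples = {"hostme": "Theme Name: Hostme\nVersion: 7.0",
               "hostme-new": "Theme Name: Hostme\nVersion: 7.0.1",
               "hostme-child": "Theme Name: Hostme Child\nTemplate: hostme\nVersion: 1.0",
               "other": "Theme Name: Other\nVersion: 1.2"}
    for slug, header in samples.items():
        (root / slug).mkdir(parents=True)
        (root / slug / "style.css").write_text(f"/*\n{header}\n*/\n")
    return root

if __name__ == "__main__":
    with tempfile.TemporaryDirectory() as tmp:
        print(audit_themes(build_sample(Path(tmp))))
```

Point `audit_themes` at a site's `wp-content/themes` directory; an "unknown" status means the header had no parsable version and the install needs a manual look.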

Added: Jan 22, 2026, 8:58 PM
Updated: Jan 22, 2026, 8:58 PM

Vulnerability Rating

Custom Algorithm
spread: 0.0
impact: 5.4
exploitability: 7.0
remediation: 0.0
relevance: 2.3
threat: 0.0
urgency: 2.9
incentive: 4.2

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.