CVE Catalog

CVE-2026-39468

MediumCVSS 6.8
Published: Updated: Translated: NVD NIST

Exploitation Probability (EPSS)

Low risk
0.36%

27th percentile — higher than 27% of all known CVEs

Summary

In Meta Box, a WordPress custom fields framework, there is a vulnerability allowing arbitrary file deletion by a contributor in versions up to 5.11.1.

Risk Assessment

An attacker could exploit this vulnerability to delete critical files from the system, potentially leading to data loss and application disruption.

Recommendation

It is recommended to update Meta Box to the latest version to mitigate the risk associated with this vulnerability.

Original NVD description (English source)

Contributor Arbitrary File Deletion in Meta Box – WordPress Custom Fields Framework <= 5.11.1 versions.

Vulnerability data from NVD (NIST) · CISA KEV · EPSS