CVE Catalog
CVE-2026-39468
MediumCVSS 6.8Exploitation Probability (EPSS)
Low risk0.36%
27th percentile — higher than 27% of all known CVEs
Summary
In Meta Box, a WordPress custom fields framework, there is a vulnerability allowing arbitrary file deletion by a contributor in versions up to 5.11.1.
Risk Assessment
An attacker could exploit this vulnerability to delete critical files from the system, potentially leading to data loss and application disruption.
Recommendation
It is recommended to update Meta Box to the latest version to mitigate the risk associated with this vulnerability.
Original NVD description (English source)
Contributor Arbitrary File Deletion in Meta Box – WordPress Custom Fields Framework <= 5.11.1 versions.

