2025-05-05 16:21:46
Wordfence
PUBLISHED
The Envolve Plugin plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 1.0 via the zetra_deleteLanguageFile and zetra_deleteFontsFile functions. This is due to the plugin not properly validating a file or its path prior to deleting it. This makes it possible for unauthenticated attackers to delete language files.