{"id":57257,"date":"2025-07-04T21:27:16","date_gmt":"2025-07-04T21:27:16","guid":{"rendered":""},"modified":"2025-10-03T07:08:44","modified_gmt":"2025-10-03T13:08:44","slug":"cve-2025-6755-wordpress-plugin-vulnerability-leads-to-arbitrary-file-deletion","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-6755-wordpress-plugin-vulnerability-leads-to-arbitrary-file-deletion\/","title":{"rendered":"CVE-2025-6755: WordPress Plugin Vulnerability Leads to Arbitrary File Deletion<\/strong>"},"content":{"rendered":"

Overview<\/strong><\/p>\n

Today we delve into a serious vulnerability, CVE-2025-6755, which targets the Game Users Share Buttons plugin for WordPress. This plugin, used extensively within the WordPress community, is popular among those looking to engage their user base with social media sharing options. Unfortunately, it has been found to have a severe vulnerability<\/a> that could potentially allow an attacker to execute arbitrary code on the targeted system.
\nThe vulnerability, which is due to insufficient file path validation<\/a> in a particular function, has a significant impact. It could lead to unauthorized system<\/a> access, data leakage, or even a full system compromise. Given the popularity of WordPress and the widespread use of the plugin<\/a>, the implications of this vulnerability are far-reaching and demand immediate attention.<\/p>\n

Vulnerability Summary<\/strong><\/p>\n

CVE ID: CVE-2025-6755
\nSeverity: High (CVSS Score 8.8)
\nAttack Vector: Network
\nPrivileges Required: Low (Subscriber-level)
\nUser Interaction: Required
\nImpact: Potential system compromise and data<\/a> leakage<\/p>\n

Affected Products<\/strong><\/p>

\r\n

\r\n \r\n \"Ameeba\r\n <\/a>\r\n A new way to communicate\r\n <\/h2>\r\n\r\n

\r\n Ameeba Chat is built on encrypted identity, not personal profiles.\r\n <\/p>\r\n\r\n

\r\n Message, call, share files, and coordinate with identities kept separate.\r\n <\/p>\r\n\r\n