WordPress Plugin Zero-Day: CSRF to Arbitrary File Deletion
The National Vulnerability Database (NVD) has flagged a critical vulnerability, CVE-2025-14868, affecting the Career Section plugin for WordPress. This zero-day allows for Cross-Site Request Forgery (CSRF) that can escalate to Path Traversal and Arbitrary File Deletion. All versions up to and including 1.6 are impacted.
According to NVD, the root cause lies in the plugin’s ‘appform_options_page_html’ function, specifically due to missing nonce validation and insufficient file path validation on the delete action. This combination creates a dangerous vector where an unauthenticated attacker could delete arbitrary files on the server. The catch? It requires tricking a site administrator into clicking a malicious link or performing another forged request. While user interaction is needed, the impact is severe, earning a CVSS score of 8.8 (HIGH). This is a prime example of how seemingly minor validation oversights can open the door to catastrophic server compromise.
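The root-cause pattern described above, as an added illustration that is not the plugin's code: a hypothetical WordPress options-page delete action in the vulnerable shape NVD describes (no nonce check, raw path from the request), beside a hardened version that adds the capability and nonce checks and confines the path to one directory. The function names, the nonce action string, the query parameters and the directory are assumptions.

```php
<?php
// Hypothetical code illustrating the bug class (CSRF + path traversal on a
// delete action). NOT the Career Section plugin's own code; names are assumed.

// --- Vulnerable shape: no capability check, no nonce, unvalidated path ---
function example_vulnerable_delete_action() {
    if ( isset( $_GET['action'], $_GET['file'] ) && $_GET['action'] === 'delete' ) {
        $base_dir = wp_upload_dir()['basedir'] . '/example-uploads/';
        // A forged request carrying the admin's cookies reaches this line, and
        // "../" segments in $_GET['file'] escape $base_dir entirely.
        unlink( $base_dir . $_GET['file'] );
    }
}

// --- Hardened shape: capability check, nonce check, path confined to $base_dir ---
function example_hardened_delete_action() {
    if ( ! isset( $_GET['action'], $_GET['file'] ) || $_GET['action'] !== 'delete' ) {
        return;
    }
    // Only administrators may reach the delete action at all.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.' );
    }
    // CSRF defence: the nonce is bound to this action and the current user's
    // session, so a link crafted by a third party fails here.
    check_admin_referer( 'example_delete_file', '_example_nonce' );

    $base_dir = trailingslashit( wp_upload_dir()['basedir'] . '/example-uploads' );
    $root     = realpath( $base_dir );
    // Drop any directory components, then resolve the result and confirm it
    // still lives under $root (defeats "../" and symlink escapes).
    $name   = sanitize_file_name( basename( wp_unslash( $_GET['file'] ) ) );
    $target = ( $name !== '' ) ? realpath( $base_dir . $name ) : false;
    if ( $root === false || $target === false
         || strpos( $target, $root . DIRECTORY_SEPARATOR ) !== 0 ) {
        wp_die( 'Invalid file.' );
    }
    unlink( $target );
}

// The admin-page link that triggers the delete must carry the matching nonce:
// wp_nonce_url( admin_url( 'options-general.php?page=example&action=delete&file='
//               . rawurlencode( $name ) ), 'example_delete_file', '_example_nonce' );
```

`check_admin_referer()` also verifies the request's referer and dies on failure, so the hardened handler never reaches `unlink()` for a forged request even when the path itself is valid.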
What This Means For You
- If you run the Career Section plugin at version 1.6 or earlier (the weakness is classed as CWE-22, path traversal), patch immediately and audit logs for signs of exploitation. Monitor vendor advisories for CVE-2025-14868 updates and patches.
Indicators of Compromise
| ID | Type | Indicator |
|---|---|---|
| CVE-2025-14868 | CSRF | WordPress plugin 'Career Section' versions <= 1.6 |
| CVE-2025-14868 | Path Traversal | WordPress plugin 'Career Section' versions <= 1.6 |
| CVE-2025-14868 | Arbitrary File Deletion | WordPress plugin 'Career Section' versions <= 1.6, function 'appform_options_page_html' delete action |
| CVE-2025-14868 | Missing Nonce Validation | WordPress plugin 'Career Section' versions <= 1.6, function 'appform_options_page_html' delete action |
| CVE-2025-14868 | Insufficient File Path Validation | WordPress plugin 'Career Section' versions <= 1.6, function 'appform_options_page_html' delete action |