Medium severity5.3NVD Advisory· Published May 5, 2025· Updated Jun 17, 2026
CVE-2024-11615
CVE-2024-11615
Description
The Envolve Plugin plugin for WordPress is vulnerable to arbitrary file deletion in all versions up to, and including, 1.0 via the 'zetra_deleteLanguageFile' and 'zetra_deleteFontsFile' functions. This is due to the plugin not properly validating a file or its path prior to deleting it. This makes it possible for unauthenticated attackers to delete language files.
Affected products
1- Range: <=1.0
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.