VYPR
Medium severity6.5NVD Advisory· Published Apr 15, 2026· Updated Apr 22, 2026

CVE-2025-15470

CVE-2025-15470

Description

The Eleganzo theme for WordPress is vulnerable to arbitrary directory deletion due to insufficient path validation in the akd_required_plugin_callback function in all versions up to, and including, 1.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary directories on the server, including the WordPress root directory.

Patches

Vulnerability mechanics

References

2

News mentions

1