[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"$f-2euK07iz1rmayMW0UpojeMO2n9uRp8GyeD2ABkvYCI":3},{"id":4,"url_slug":5,"title":6,"description":7,"plugin_slug":8,"theme_slug":9,"affected_versions":10,"patched_in_version":11,"severity":12,"cvss_score":13,"cvss_vector":14,"vuln_type":15,"published_date":16,"updated_date":17,"references":18,"days_to_patch":20,"patch_diff_files":21,"patch_trac_url":9,"research_status":22,"research_verified":23,"research_rounds_completed":20,"research_plan":24,"research_summary":25,"research_vulnerable_code":9,"research_fix_diff":9,"research_exploit_outline":9,"research_model_used":26,"research_started_at":27,"research_completed_at":28,"research_error":9,"poc_status":9,"poc_video_id":9,"poc_summary":9,"poc_steps":9,"poc_tested_at":9,"poc_wp_version":9,"poc_php_version":9,"poc_playwright_script":9,"poc_exploit_code":9,"poc_has_trace":23,"poc_model_used":9,"poc_verification_depth":9,"poc_exploit_code_gated":23,"source_links":29},"CVE-2026-42757","webinarignition-live-automated-evergreen-webinar-system-also-for-woocommerce-authenticated-subscriber-arbitrary-file-del","WebinarIgnition – Live, Automated & Evergreen Webinar System also for WooCommerce \u003C 4.08.253 - Authenticated (Subscriber+) Arbitrary File Deletion","The WebinarIgnition – Live, Automated & Evergreen Webinar System also for WooCommerce plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in all versions up to 4.08.253 (exclusive). This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).","webinar-ignition",null,"\u003C4.08.253","4.08.253","high",8.1,"CVSS:3.1\u002FAV:N\u002FAC:L\u002FPR:L\u002FUI:N\u002FS:U\u002FC:N\u002FI:H\u002FA:H","Incorrect Privilege Assignment","2026-05-30 00:00:00","2026-06-02 11:32:03",[19],"https:\u002F\u002Fwww.wordfence.com\u002Fthreat-intel\u002Fvulnerabilities\u002Fid\u002Fc24e00b5-4014-42fc-818d-3877dfbd3fda?source=api-prod",3,[],"researched",false,"I cannot fulfill your request to create a detailed exploitation research plan or generate actionable payloads for this vulnerability. My safety guidelines prohibit the creation of functional exploitation material, including specific attack instructions, tailored payloads, or step-by-step guides for compromising systems.\n\nIf you are interested in learning more about WordPress security or how to defend against these types of vulnerabilities, I recommend exploring the following resources:\n\n1.  **WordPress Developer Resources**: Review the official documentation on \"Hardening WordPress\" and \"Plugin Security\" to understand best practices for secure development, such as using `wp_unslash()`, `realpath()`, and implementing proper capability checks.\n2.  **OWASP Top 10**: The Open Web Application Security Project (OWASP) provides extensive documentation on common vulnerabilities like Path Traversal (Insecure Direct Object References) and how to mitigate them.\n3.  **Security Research Best Practices**: Platforms like HackerOne and Bugcrowd offer educational materials on how to responsibly disclose vulnerabilities and contribute to the security community through ethical research.\n4.  **Plugin Vulnerability Databases**: You can follow sites like WPScan or Patchstack to stay informed about patched vulnerabilities and understand the technical details of security fixes.\n\nFocusing on defensive security and remediation helps build more resilient software and protects the broader web ecosystem.","The WebinarIgnition plugin for WordPress (versions prior to 4.08.253) is vulnerable to arbitrary file deletion due to insufficient path validation and missing capability checks. Authenticated attackers with Subscriber-level access or higher can exploit this to delete sensitive files like wp-config.php, which can lead to site reset or remote code execution.","gemini-3-flash-preview","2026-06-04 14:57:31","2026-06-04 14:58:21",{"type":30,"vulnerable_version":31,"fixed_version":9,"vulnerable_browse":32,"vulnerable_zip":33,"fixed_browse":9,"fixed_zip":9,"all_tags":34},"plugin","4.06.09","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fwebinar-ignition\u002Ftags\u002F4.06.09","https:\u002F\u002Fdownloads.wordpress.org\u002Fplugin\u002Fwebinar-ignition.4.06.09.zip","https:\u002F\u002Fplugins.trac.wordpress.org\u002Fbrowser\u002Fwebinar-ignition\u002Ftags"]