CVE-2026-13492 - UsersWP <= 1.2.65 - Authenticated (Subscriber+) Arbitrary File Deletion via File Upload Field
CVE ID :CVE-2026-13492 Published : July 9, 2026, 7:17 p.m. | 1 hour, 15 minutes ago Description :The UsersWP plugin for WordPress is vulnerable to Arbitrary File Deletion in versions up to, and including, 1.2.65. This is due to insufficient validation of file-field values in the...