CYBERHAWK / CVE / CVE-2018-25308

CVE-2018-25308

BuddyPress Xprofile Custom Fields Type

HIGH CVSS 8.8 vibe

The flaw

Remote code execution allows authenticated users to delete arbitrary files.

What to do

Update to version 2.6.4 or later

▸ Scan my repo for CVE-2018-25308

References

NVD CISA KEV OSV GitHub Advisory MITRE News search
First seen 2026-05-01 · Tracked by PickBits CyberHawk · Weekly CVE digest
← All CVEs RSS Scheduled audits