CVE-2019-14206

HIGH EXPLOITED NUCLEI LAB

Nevma Adaptive Images <0.6.67 - Privilege Escalation

Title source: llm

Description

An Arbitrary File Deletion vulnerability in the Nevma Adaptive Images plugin before 0.6.67 for WordPress allows remote attackers to delete arbitrary files via the $REQUEST['adaptive-images-settings'] parameter in adaptive-images-script.php.

Exploits (1)

nomisec WORKING POC

by developerfred · remote

https://github.com/developerfred/cve-2019-14206-poc

View Code ZIP pw:eip

Nuclei Templates (1)

Nevma Adaptive Images - Arbitrary File Deletion

HIGHVERIFIEDby riteshs4hu

References (4)

[Exploit, Third Party Advisory] https://github.com/markgruffer/markgruffer.github.io/blob/master/_posts/2019-07-19-adaptive-images-for-wordpress-0-6-66-lfi-rce-file-deletion.markdown

[Exploit, Third Party Advisory] https://markgruffer.github.io/2019/07/19/adaptive-images-for-wordpress-0-6-66-lfi-rce-file-deletion.html

[Release Notes] https://wordpress.org/plugins/adaptive-images/#developers

[Third Party Advisory] https://wpvulndb.com/vulnerabilities/9468

Scores

CVSS v3 7.5

EPSS 0.2112

EPSS Percentile 95.7%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:H/A:N

Lab Environment

COMMUNITY

Community Lab

docker pull wordpress:latest

https://github.com/developerfred/cve-2019-14206-poc

View in Library

Details

VulnCheck KEV 2019-07-19

CWE

CWE-22

Status published

Products (1)

nevma/adaptive_images < 0.6.67

Published Jul 21, 2019

Tracked Since Feb 18, 2026