CVE-2026-48906

HIGH

Extension - tassos.gr - Arbitrary File Deletion in Novarain/Tassos Framework < 6.1.0 for Joomla

Title source: cna
STIX 2.1

Description

The vulnerability in the Tassos Framework Plugin allows users to delete arbitrary files on the affected sites.

References (1)

Core 1
Core References
Product product
https://tassos.gr

Scores

CVSS v3 8.1
EPSS 0.0027
EPSS Percentile 18.1%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation none
Automatable yes
Technical Impact partial

Details

CWE
CWE-284
Status published
Products (22)
tassos/advanced_custom_fields 1.0.0 - 2.8.12
tassos/convert_forms 1.0.0 - 4.4.12
tassos/engagebox 1.0.0 - 6.3.11
tassos/google_structured_data 1.0.0 - 5.6.11
tassos/mailchimp_auto-subscribe 1.0.0 - 5.0.5
tassos/smile_pack 1.0.0 - 1.2.6
tassos/tassos_code_snippets 1.0.0
tassos/tassos_framework 1.0.0 - 6.0.1
tassos.gr/Advanced Custom Fields 1.0.0-2.8.12
tassos.gr/Advanced Custom Fields 3.0.0-3.1.3
... and 12 more
Published May 27, 2026
Tracked Since May 27, 2026