cleantalk
Vulnerabilities and Security Researches

Meta Box – WordPress Custom Fields Framework, CVE-2019-14793

CVE, Research URL

CVE-2019-14793

Home page URL

Security reports for Meta Box – WordPress Custom Fields Framework

Application

Meta Box – WordPress Custom Fields Framework

Published on
-
Research Description
The Meta Box plugin before 4.16.3 for WordPress allows file deletion via ajax, with the wp-admin/admin-ajax.php?action=rwmb_delete_file attachment_id parameter.
Affected versions
max 4.16.3.
Status
vulnerable
Previous vulnerability researches
Authors Autocomplete Meta Box (CVE-2025-25169) , Feb 17, 2025
Meta Box – WordPress Custom Fields Framework (CVE-2024-1204) , Jun 07, 2024
Meta Box – WordPress Custom Fields Framework (CVE-2023-6526) , Jun 07, 2024
Meta Box – WordPress Custom Fields Framework (CVE-2025-14675) , Mar 29, 2026
Meta Box – WordPress Custom Fields Framework (CVE-2019-14794) , Jun 10, 2024
New vulnerability
PowerPack Addons for Elementor (Free Widgets, Extensions and Templates) (CVE-2026-32430) , Mar 29, 2026
YayMail – WooCommerce Email Customizer (CVE-2026-27327) , Mar 29, 2026
Strong Testimonials (CVE-2026-24957) , Mar 29, 2026
BackWPup – WordPress Backup Plugin (CVE-2025-15041) , Mar 29, 2026
hCaptcha for WordPress (CVE-2026-25315) , Mar 29, 2026