CVE-2025-7846 | vanquish User Extra Fields Plugin up to 16.7 on WordPress wp-config.php save_fields absolute path traversal

October 31, 2025 Yanac

A vulnerability, which was classified as critical, has been found in vanquish User Extra Fields Plugin up to 16.7 on WordPress. Affected by this vulnerability is the function save_fields of the file wp-config.php. The manipulation leads to absolute path traversal.

This vulnerability is uniquely identified as CVE-2025-7846. The attack is possible to be carried out remotely. No exploit exists.VulDB Recent EntriesRead More