{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-11T03:10:59.004","vulnerabilities":[{"cve":{"id":"CVE-2025-13391","sourceIdentifier":"security@wordfence.com","published":"2026-02-11T17:16:06.500","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Product Options and Price Calculation Formulas for WooCommerce – Uni CPO (Premium) plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'uni_cpo_remove_file' function in all versions up to, and including, 4.9.60. This makes it possible for unauthenticated attackers to delete arbitrary attachments or files stored in Dropbox if the file path is known. The vulnerability was partially patched in version 4.9.60."},{"lang":"es","value":"El plugin Product Options and Price Calculation Formulas para WooCommerce – Uni CPO (Premium) para WordPress es vulnerable a la pérdida no autorizada de datos debido a una falta de verificación de capacidad en la función 'uni_cpo_remove_file' en todas las versiones hasta, e incluyendo, la 4.9.60. Esto hace posible que atacantes no autenticados eliminen archivos adjuntos o archivos arbitrarios almacenados en Dropbox si se conoce la ruta del archivo. La vulnerabilidad fue parcheada parcialmente en la versión 4.9.60."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:L/A:N","baseScore":5.8,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"NONE","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"NONE","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":3.9,"impactScore":1.4}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-862"}]}],"references":[{"url":"https://moomoo.agency/cpo","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/289a4076-974f-4b0c-bfaa-83c1b2cb62ef?source=cve","source":"security@wordfence.com"}]}}]}