CVE-2025-26752: 
WordPress vulnerability analysis and mitigation

The vulnerability CVE-2025-26752 affects the VideoWhisper Live Streaming Integration WordPress plugin versions up to 6.1.10. This security flaw is characterized as an arbitrary file deletion vulnerability due to insufficient file path validation. The issue was discovered and publicly disclosed on February 14, 2025 (WPScan).

The vulnerability is classified as a Path Traversal issue that allows for improper limitation of a pathname to a restricted directory. It has received a CVSS score of 9.1 (Critical), indicating its severe nature. The technical root cause stems from insufficient file path validation in a core function of the plugin (WPScan, Patchstack).

The vulnerability enables unauthenticated attackers to delete arbitrary files on the server. This capability is particularly dangerous as it can lead to remote code execution when critical files, such as wp-config.php, are targeted and deleted. The high CVSS score of 9.1 reflects the severe potential impact of this vulnerability (WPScan, Patchstack).

The vulnerability has been patched in version 6.2.1 of the VideoWhisper Live Streaming Integration plugin. Website administrators are strongly advised to update to this version or later immediately. For users unable to update immediately, virtual patching solutions are available through security providers to mitigate the risk (Patchstack).