CVE-2025-47512: 
WordPress vulnerability analysis and mitigation

The vulnerability CVE-2025-47512 is a Path Traversal vulnerability affecting the WordPress Tainacan plugin versions through 0.21.14. This security flaw was discovered by researcher astra.r3verii on April 16, 2025, and was publicly disclosed on May 16, 2025. The vulnerability allows for arbitrary file deletion and affects the Tainacan plugin's core functionality (Patchstack, Wiz).

The vulnerability is classified as an Improper Limitation of a Pathname to a Restricted Directory (Path Traversal) issue. It has received a CVSS v3.1 Base Score of 8.6 (HIGH) with the vector string CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:N/I:N/A:H. The vulnerability is particularly concerning as it can be exploited without authentication (Patchstack).

The vulnerability could allow malicious actors to delete files from affected websites. If core files are targeted, it could result in website breakage and loss of functionality. The high CVSS score of 8.6 indicates this is a severe security issue that is expected to become mass exploited (Patchstack).

The vulnerability has been fixed in version 0.21.15 of the Tainacan plugin. Users are strongly advised to update to this version or later immediately. For users of Patchstack, a virtual patch has been issued to mitigate this issue by blocking attacks until the update can be applied (Patchstack).