{"id":82075,"date":"2026-07-16T10:46:47","date_gmt":"2026-07-16T07:16:47","guid":{"rendered":"https:\/\/afaghhosting.net\/blog\/cve-2026-12979-funnelkit-3-15-0-6-admin-arbitrary-file-deletion-via-path-traversal-in-template-importer\/"},"modified":"2026-07-16T10:46:47","modified_gmt":"2026-07-16T07:16:47","slug":"cve-2026-12979-funnelkit-3-15-0-6-admin-arbitrary-file-deletion-via-path-traversal-in-template-importer","status":"publish","type":"post","link":"https:\/\/afaghhosting.net\/blog\/cve-2026-12979-funnelkit-3-15-0-6-admin-arbitrary-file-deletion-via-path-traversal-in-template-importer\/","title":{"rendered":"CVE-2026-12979 &#8211; FunnelKit &lt; 3.15.0.6 &#8211; Admin+ Arbitrary File Deletion via Path Traversal in Template Importer"},"content":{"rendered":"<p>CVE ID :CVE-2026-12979<\/p>\n<p>  Published : July 16, 2026, 7:16 a.m. | 18\u00a0minutes ago<\/p>\n<p>  Description :The FunnelKit  WordPress plugin before 3.15.0.6 does not validate a user-supplied path before deleting a file during a template-import operation, allowing users with administrator privileges to delete arbitrary .json files outside the intended directory through path traversal, which can disable other FunnelKit  WordPress plugin before 3.15.0.6 or  (denial of service).<\/p>\n<p>  Severity: 0.0 | NA<\/p>\n<p>  Visit the link for more details, such as CVSS details, affected products, timeline, and more&#8230;\u00a0<\/p>\n","protected":false},"excerpt":{"rendered":"<p>CVE ID :CVE-2026-12979 Published : July 16, 2026, 7:16 a.m. | 18\u00a0minutes ago Description :The FunnelKit WordPress plugin before 3.15.0.6 does not validate a user-supplied path before deleting a file during a template-import operation, allowing users with administrator privileges to delete arbitrary .json files outside the intended directory through path traversal, which can disable other &hellip;<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"closed","ping_status":"closed","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[26],"tags":[],"class_list":["post-82075","post","type-post","status-publish","format-standard","hentry","category-vulnerability"],"_links":{"self":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/82075","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/comments?post=82075"}],"version-history":[{"count":0,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/posts\/82075\/revisions"}],"wp:attachment":[{"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/media?parent=82075"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/categories?post=82075"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/afaghhosting.net\/blog\/wp-json\/wp\/v2\/tags?post=82075"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}