← Back

CVE-2026-48906

nvd nist
Published: May 27, 2026Modified: Jun 1, 2026

JSON object

Loading...
9.3
Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:X/U:X
Show more
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:Y/R:X/V:X/RE:X/U:XShow less
Source: security@joomla.org (Secondary)

Description

The vulnerability in the Tassos Framework Plugin allows users to delete arbitrary files on the affected sites.

Affected (14)

Tassos
8 products
Advanced Custom Fields
Convert Forms
Engagebox
Google Structured Data
Mailchimp Auto Subscribe
Smile Pack
Tassos Code Snippets
Tassos Framework
Configuration A
14 vulnerable
Vulnerable SoftwareAffected Versions
Tassos
Advanced Custom Fields
From 1.0.0 to 2.8.12
Advanced Custom Fields
From 3.0.0 to 3.1.3
Tassos
Convert Forms
From 1.0.0 to 4.4.12
Convert Forms
From 5.0.0 to 5.1.5
Tassos
Engagebox
From 1.0.0 to 6.3.11
Engagebox
From 7.0.0 to 7.1.1
Tassos
Google Structured Data
From 1.0.0 to 5.6.11
Google Structured Data
From 6.0.0 to 6.1.9
Tassos
Mailchimp Auto Subscribe
From 1.0.0 to 5.0.5
Mailchimp Auto Subscribe
From 5.1.0 to 5.2.0
Tassos
Smile Pack
From 1.0.0 to 1.2.6
Smile Pack
From 2.0.0 to 2.1.0
Tassos Code Snippets
Version 1.0.0
Tassos Framework
From 1.0.0 to 6.0.1

Related CWEs

CWE-284
Improper Access Control
The product does not restrict or incorrectly restricts access to a resource from an unauthorized actor.

References (1)

Source: security@joomla.org
Product

Timeline

No history available yet.