
CVE-2025-5927: CWE-36 Absolute Path Traversal in WPEverest Everest Forms Pro

High
Tags: Vulnerability, CVE-2025-5927, cve, cve-2025-5927, cwe-36
Published: Wed Jun 25 2025 (06/25/2025, 09:21:40 UTC)
Source: CVE Database V5
Vendor/Project: WPEverest
Product: Everest Forms Pro

Description

The Everest Forms (Pro) plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the delete_entry_files() function in all versions up to, and including, 1.9.4. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php). The vulnerability requires an admin to trigger the deletion via deletion of a form entry and cannot be carried out by the attacker alone.

AI-Powered Analysis

Last updated: 06/25/2025, 10:00:07 UTC

Technical Analysis

CVE-2025-5927 is a high-severity vulnerability affecting the Everest Forms Pro plugin for WordPress, specifically all versions up to and including 1.9.4. The vulnerability arises from insufficient validation of file paths in the delete_entry_files() function, which is responsible for deleting files associated with form entries. This flaw allows an attacker to perform an absolute path traversal attack, enabling the deletion of arbitrary files on the server hosting the WordPress site. Although the attacker is unauthenticated and cannot directly trigger the deletion, the exploit requires an administrator to initiate the deletion of a form entry, which then invokes the vulnerable function. By exploiting this vulnerability, an attacker can delete critical files such as wp-config.php, which can lead to remote code execution (RCE) by destabilizing the WordPress environment or enabling further malicious actions. The vulnerability is classified under CWE-36 (Absolute Path Traversal), indicating that the root cause is improper sanitization of file paths allowing traversal outside intended directories. The CVSS 3.1 base score is 7.5 (high), with vector AV:N/AC:H/PR:N/UI:R/S:U/C:H/I:H/A:H, meaning the attack can be performed remotely without privileges but requires high attack complexity and user interaction (admin triggering deletion). No known exploits are currently reported in the wild, and no patches have been linked yet, indicating the need for immediate attention and mitigation by affected users.
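The weakness class described above, an absolute path traversal in a file-deletion routine, as an added example in Python. This is not the plugin's code (the page shows none of it); the function and directory names are assumptions. It places a resolver with no containment check beside a hardened one that accepts only relative paths which, after resolving symlinks, still lie under the real uploads directory, and exercises both on a constructed temporary tree:

```python
import os
import tempfile
from typing import Optional


def resolve_without_check(uploads_dir: str, stored_path: str) -> str:
    """The weak pattern (CWE-36 shape): join the stored path onto the uploads
    directory and use the result. os.path.join discards uploads_dir entirely
    when stored_path is absolute, and normalisation lets '..' climb out.
    Returns the path that would be deleted; it never deletes anything here."""
    return os.path.normpath(os.path.join(uploads_dir, stored_path))


def resolve_confined(uploads_dir: str, stored_path: str) -> Optional[str]:
    """Hardened resolver: rejects absolute input, resolves symlinks on both the
    root and the candidate, and requires the candidate to sit strictly below
    the root. Returns None for anything that escapes."""
    if os.path.isabs(stored_path):
        return None
    root = os.path.realpath(uploads_dir)
    target = os.path.realpath(os.path.join(root, stored_path))
    # commonpath compares on component boundaries, so /srv/uploads_evil is not
    # accepted for root /srv/uploads the way a plain str.startswith check would.
    if os.path.commonpath([root, target]) != root or target == root:
        return None
    return target


def delete_entry_file(uploads_dir: str, stored_path: str) -> bool:
    """Delete one entry attachment; True only if a confined regular file was removed."""
    target = resolve_confined(uploads_dir, stored_path)
    if target is None or not os.path.isfile(target):
        return False
    os.remove(target)
    return True


def demo() -> dict:
    """Build a throwaway tree (constructed sample data, assumed layout) and
    exercise both resolvers. Every value in the returned dict should be True."""
    base = tempfile.mkdtemp()
    uploads = os.path.join(base, "uploads")
    os.makedirs(os.path.join(uploads, "entry-1"))
    attachment = os.path.join(uploads, "entry-1", "resume.pdf")
    config = os.path.join(base, "wp-config.php")  # stands in for a file outside uploads
    for path in (attachment, config):
        with open(path, "w") as fh:
            fh.write("x")
    # a symlink inside uploads that points outside it
    os.symlink(config, os.path.join(uploads, "entry-1", "link"))

    return {
        # the weak resolver points at the config file for an absolute or '..' path
        "unsafe_abs_escapes": resolve_without_check(uploads, config) == os.path.normpath(config),
        "unsafe_dotdot_escapes": resolve_without_check(uploads, "../wp-config.php") == os.path.normpath(config),
        # the hardened resolver refuses all three escape routes
        "safe_rejects_abs": resolve_confined(uploads, config) is None,
        "safe_rejects_dotdot": resolve_confined(uploads, "../wp-config.php") is None,
        "safe_rejects_symlink": resolve_confined(uploads, "entry-1/link") is None,
        # and still deletes a legitimate attachment, leaving the config untouched
        "legit_deleted": delete_entry_file(uploads, "entry-1/resume.pdf"),
        "config_survives": os.path.isfile(config),
    }


if __name__ == "__main__":
    for name, ok in demo().items():
        print(f"{name}: {'ok' if ok else 'FAIL'}")
```

The realpath step matters twice: it catches a symlink planted inside the uploads tree, and it keeps the comparison honest on systems where the uploads directory itself is reached through a symlink. Rejecting absolute input up front is deliberate, since a stored path that arrives absolute is itself a sign the value was never meant to be trusted.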

Potential Impact

For European organizations, this vulnerability poses a significant risk to the confidentiality, integrity, and availability of WordPress-based web assets, especially those using the Everest Forms Pro plugin. Successful exploitation can lead to deletion of critical configuration files, potentially causing website downtime, data loss, and enabling further compromise such as remote code execution. This can disrupt business operations, damage reputation, and expose sensitive customer or organizational data. Organizations relying on WordPress for customer engagement, e-commerce, or internal portals may face service interruptions and compliance issues, especially under GDPR regulations where data protection is paramount. The requirement for an admin to trigger the deletion means insider threat or social engineering attacks targeting administrators could facilitate exploitation, increasing the risk profile. Given WordPress's popularity in Europe and the widespread use of form plugins for data collection, the vulnerability could affect a broad range of sectors including government, finance, healthcare, and education.

Mitigation Recommendations

1. Immediate mitigation should focus on restricting administrative access to trusted personnel only and enforcing multi-factor authentication (MFA) for all WordPress admin accounts to reduce the risk of social engineering or credential compromise.
2. Monitor and audit all form entry deletion activities to detect any unusual or unauthorized deletion requests.
3. Implement web application firewalls (WAF) with custom rules to detect and block suspicious path traversal patterns in requests related to form entry deletions.
4. Isolate WordPress installations in hardened environments with strict file system permissions to limit the impact of arbitrary file deletions.
5. Regularly back up critical WordPress files, including wp-config.php and database backups, to enable rapid recovery in case of file deletion.
6. Stay alert for official patches or updates from WPEverest and apply them promptly once available.
7. Educate administrators about the risk of this vulnerability and the importance of cautious handling of form entry deletions.
8. Consider temporarily disabling the Everest Forms Pro plugin or restricting its usage until a patch is released if the risk is deemed unacceptable.


Technical Details

Data Version
5.1
Assigner Short Name
Wordfence
Date Reserved
2025-06-09T14:37:01.886Z
Cvss Version
3.1
State
PUBLISHED

Threat ID: 685bc521a1cfc9c6487cfb50

Added to database: 6/25/2025, 9:45:05 AM

Last enriched: 6/25/2025, 10:00:07 AM

Last updated: 8/21/2025, 3:36:50 PM
