๐Ÿ” CVE Alert

CVE-2026-11563

CRITICAL 9.6

Word Count and Social Shares <= 1.0 - Subscriber+ Arbitrary File Deletion via Path Traversal

CVSS Score
9.6
EPSS Score
0.0%
EPSS Percentile
0th

The Word Count and Social Shares WordPress plugin through 1.0 does not validate a user-supplied file path before deletion, nor does it have proper authorization or CSRF checks, allowing any authenticated user, such as a Subscriber, to delete arbitrary files on the server, which can lead to a full site takeover (e.g. by deleting wp-config.php).

Vendor unknown
Product word count and social shares
Published Jul 14, 2026
Last Updated Jul 14, 2026
Stay Ahead of the Next One

Get instant alerts for unknown word count and social shares

Be the first to know when new critical vulnerabilities affecting unknown word count and social shares are published โ€” delivered to Slack, Telegram or Discord.

Get Free Alerts โ†’ Free ยท No credit card ยท 60 sec setup

Affected Versions

Unknown / Word Count and Social Shares
0 โ‰ค 1.0

References

NVD โ†— CVE.org โ†— EPSS Data โ†—
wpscan.com: https://wpscan.com/vulnerability/7f4b5f16-6c31-4dcc-94a4-120cb45631bb/

Credits

Muni Nitish Kumar Yaddala WPScan