CVE-2026-48906
Extension - tassos.gr - Arbitrary File Deletion in Novarain/Tassos Framework < 6.1.0 for Joomla
CVSS Score
0.0
EPSS Score
0.1%
EPSS Percentile
16th
The vulnerability in the Tassos Framework Plugin allows users to delete arbitrary files on the affected sites.
| CWE | CWE-284 |
| Vendor | tassos.gr |
| Product | novarain/tassos framework (plg_system_nrframework) |
| Published | May 27, 2026 |
| Last Updated | Jun 5, 2026 |
Stay Ahead of the Next One
Get instant alerts for tassos.gr novarain/tassos framework (plg_system_nrframework)
Be the first to know when new unknown vulnerabilities affecting tassos.gr novarain/tassos framework (plg_system_nrframework) are published โ delivered to Slack, Telegram or Discord.
Get Free Alerts โ
Free ยท No credit card ยท 60 sec setup
Affected Versions
tassos.gr / Novarain/Tassos Framework (plg_system_nrframework)
1.0.0-6.0.1
tassos.gr / Convert Forms
1.0.0-4.4.12 5.0.0-5.1.5
tassos.gr / EngageBox
1.0.0-6.3.11 7.0.0-7.1.1
tassos.gr / Google Structured Data
1.0.0-5.6.11 6.0.0-6.1.9
tassos.gr / Advanced Custom Fields
1.0.0-2.8.12 3.0.0-3.1.3
tassos.gr / Smile Pack
1.0.0-1.2.6 2.0.0-2.1.0
tassos.gr / Tassos Code Snippets
1.0.0
tassos.gr / MailChimp Auto-Subscribe
1.0.0-5.0.5 5.1.0-5.2.0
Credits
Leandro Vallim