CVE-2026-48906

Summary

The vulnerability in the Tassos Framework Plugin allows users to delete arbitrary files on the affected sites.

Affected Software

VendorProductVersion RangeStatus
tassos.grNovarain/Tassos Framework (plg_system_nrframework)1.0.0-6.0.1affected
tassos.grConvert Forms1.0.0-4.4.12affected
tassos.grConvert Forms5.0.0-5.1.5affected
tassos.grEngageBox1.0.0-6.3.11affected
tassos.grEngageBox7.0.0-7.1.1affected
tassos.grGoogle Structured Data1.0.0-5.6.11affected
tassos.grGoogle Structured Data6.0.0-6.1.9affected
tassos.grAdvanced Custom Fields1.0.0-2.8.12affected
tassos.grAdvanced Custom Fields3.0.0-3.1.3affected
tassos.grSmile Pack1.0.0-1.2.6affected
tassos.grSmile Pack2.0.0-2.1.0affected
tassos.grTassos Code Snippets1.0.0affected
tassos.grMailChimp Auto-Subscribe1.0.0-5.0.5affected
tassos.grMailChimp Auto-Subscribe5.1.0-5.2.0affected

Weaknesses

  • CWE-284: CWE-284 Improper Access Control

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: yes
    • Technical Impact: partial

References