CVEDB API

The vulnerability in the Tassos Framework Plugin allows users to delete arbitrary files on the affected sites.

Exploit prediction scoring system (EPSS) score

EPSS Score 0.001

EPSS Ranking 16.4%

CVSS Severity

CVSS v3 Score 8.1

References

Products affected by CVE-2026-48906

Tassos » Advanced Custom Fields » Version: Any

cpe:2.3:a:tassos:advanced_custom_fields:*
Tassos » Convert Forms » Version: Any

cpe:2.3:a:tassos:convert_forms:*
Tassos » Engagebox » Version: Any

cpe:2.3:a:tassos:engagebox:*
Tassos » Google Structured Data » Version: Any

cpe:2.3:a:tassos:google_structured_data:*
Tassos » Mailchimp Auto-Subscribe » Version: Any

cpe:2.3:a:tassos:mailchimp_auto-subscribe:*
Tassos » Smile Pack » Version: Any

cpe:2.3:a:tassos:smile_pack:*
Tassos » Tassos Code Snippets » Version: 1.0.0

cpe:2.3:a:tassos:tassos_code_snippets:1.0.0
Tassos » Tassos Framework » Version: Any

cpe:2.3:a:tassos:tassos_framework:*