CRITICALCVE-2026-48906Published Modified CNA Joomla
CVE-2026-48906: Extension - tassos.gr - Arbitrary File Deletion in Novarain/Tassos Framework < 6.1.0 for Joomla
The vulnerability in the Tassos Framework Plugin allows users to delete arbitrary files on the affected sites.
Metrics
- CVSS v4.0
- 9.3
- Severity
- CRITICAL
- Fixed in
- —
- Affected Products
- 8
Affected packages
- tassos.gr / Novarain/Tassos Framework (plg_system_nrframework)1.0.0-6.0.1
- tassos.gr / Convert Forms1.0.0-4.4.12 · 5.0.0-5.1.5
- tassos.gr / EngageBox1.0.0-6.3.11 · 7.0.0-7.1.1
- tassos.gr / Google Structured Data1.0.0-5.6.11 · 6.0.0-6.1.9
- tassos.gr / Advanced Custom Fields1.0.0-2.8.12 · 3.0.0-3.1.3
- tassos.gr / Smile Pack1.0.0-1.2.6 · 2.0.0-2.1.0
- tassos.gr / Tassos Code Snippets1.0.0
- tassos.gr / MailChimp Auto-Subscribe1.0.0-5.0.5 · 5.1.0-5.2.0
CVSS Vector
CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:N/VI:H/VA:H/SC:N/SI:H/SA:H/AU:YReferences