Plugin inspection:

Simple Local Avatars

Use with caution

Last revised:

Confidence: Medium
This plugin has been given a short, targeted code review.

Before using this plugin, you should carefully consider these findings. Read more about this recommendation.

Warnings

This recommendation applies to version 2.0 of this plugin, but the most recent version is 2.8.5. These findings may no longer be correct.

Findings

  • Appears to delete files whose paths are stored in usermeta. This may allow an attacker to delete arbitrary files if they can add usermeta fields (e.g. through a vulnerability in some other plugin).

Reason for the 'Use with caution' result

The plugin contains or is likely to contain a vulnerability which could be exploited by a privileged user to affect the site’s confidentiality, integrity or availability in a manner exceeding their privileges:

  • May allow an attacker who is able to add arbitrary data to a usermeta field to delete arbitrary files
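
The finding above comes down to a file path read from user-controlled storage reaching a delete call unchecked. The following is an added example of a containment check for that pattern, not code from the plugin or from this review: `delete_if_inside()` and the demo paths are hypothetical, `$stored` stands in for a value read from usermeta, and in WordPress the base directory would typically be `wp_upload_dir()['basedir']`.

```php
<?php
// Added example: refuse to delete any stored path that resolves outside
// an allowed base directory. Names and paths here are hypothetical.

/**
 * Delete $stored only if it resolves to a regular file inside $baseDir.
 * Returns true if the file was deleted, false if the request was refused.
 */
function delete_if_inside(string $baseDir, string $stored): bool
{
    $base   = realpath($baseDir);
    $target = realpath($stored); // resolves ".." and symlinks; false if missing
    if ($base === false || $target === false || !is_file($target)) {
        return false;
    }
    // The trailing separator stops "/uploads-old/x" from matching "/uploads".
    $prefix = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($target, $prefix, strlen($prefix)) !== 0) {
        return false;
    }
    return unlink($target);
}

// Constructed demo tree in a temporary directory.
$root    = sys_get_temp_dir() . '/avatar-demo-' . bin2hex(random_bytes(4));
$uploads = $root . '/uploads';
mkdir($uploads, 0700, true);
file_put_contents($uploads . '/avatar.png', 'constructed sample');
file_put_contents($root . '/site-config.php', 'constructed sample');

// A stored path inside the uploads directory.
var_dump(delete_if_inside($uploads, $uploads . '/avatar.png'));
// A stored path that climbs out of the uploads directory.
var_dump(delete_if_inside($uploads, $uploads . '/../site-config.php'));
// The file outside the base directory is still present.
var_dump(file_exists($root . '/site-config.php'));

// Clean up the demo tree.
unlink($root . '/site-config.php');
rmdir($uploads);
rmdir($root);
```

The check resolves the path before comparing it, so a value containing `..` segments or pointing through a symlink is judged by where it actually lands rather than by how it is written.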