bloofox v0.5.2 exists to contain an arbitrary file deletion vulnerability via the delete_file() function.
bloofox bloofoxcms 0.5.2