WordPress Webinar Plugin WebinarPress Arbitrary File Creation Vulnerability Allowing Remote Code Execution

Vulnerability

A vulnerability exists in the WordPress Webinar Plugin - WebinarPress, in all versions through 1.33.24. The issue arises from a missing capability check on the 'sync-import-imgs' function, coupled with inadequate file type validation. This flaw enables authenticated attackers with subscriber-level access or higher to create arbitrary files, potentially leading to remote code execution.

Impact

Exploitation of this vulnerability allows arbitrary file creation, which can be leveraged to achieve remote code execution on the server.

Remediation

Users are advised to update the WordPress Webinar Plugin - WebinarPress to version 1.33.25 or a newer patched version.
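
To check an installation against the fixed version named above, the following added example (not code from this advisory or from the plugin) reads each plugin file's header comment and flags copies older than 1.33.25. Identifying the plugin by "WebinarPress" in its Plugin Name header, the default wp-content/plugins path, and the sample header are assumptions made for the example.

```python
import re
import sys
from pathlib import Path

FIXED_VERSION = "1.33.25"  # first patched release named in the advisory
# Assumption: the plugin's "Plugin Name" header contains "WebinarPress".
NAME_PATTERN = re.compile(r"webinarpress", re.IGNORECASE)
HEADER_LINE = re.compile(r"^[ \t/*#@]*(Plugin Name|Version):[ \t]*(.+?)[ \t\r]*$",
                         re.IGNORECASE | re.MULTILINE)

# Constructed sample header, for illustration only.
SAMPLE_HEADER = """<?php
/**
 * Plugin Name: WebinarPress
 * Version: 1.33.24
 */
"""

def parse_version(text):
    """'1.33.24' -> (1, 33, 24); a non-numeric suffix such as '-beta' is ignored."""
    return tuple(int(n) for n in re.match(r"[\d.]*", text.strip()).group().split(".") if n)

def is_vulnerable(version, fixed=FIXED_VERSION):
    """True when version sorts before the fixed release (numeric, not string, compare)."""
    a, b = parse_version(version), parse_version(fixed)
    width = max(len(a), len(b))
    return a + (0,) * (width - len(a)) < b + (0,) * (width - len(b))

def read_plugin_header(php_source):
    """Return the Plugin Name and Version fields from a plugin file's header comment."""
    fields = {}
    for key, value in HEADER_LINE.findall(php_source[:8192]):  # header sits at file top
        fields.setdefault(key.lower(), value)
    return fields

def audit_plugins(plugins_dir):
    """List (file, version, vulnerable) for each WebinarPress copy in a plugins directory."""
    findings = []
    for php in sorted(Path(plugins_dir).glob("*/*.php")):
        header = read_plugin_header(php.read_text(encoding="utf-8", errors="replace"))
        if NAME_PATTERN.search(header.get("plugin name", "")) and "version" in header:
            findings.append((str(php), header["version"], is_vulnerable(header["version"])))
    return findings

if __name__ == "__main__":
    root = sys.argv[1] if len(sys.argv) > 1 else "wp-content/plugins"
    for path, version, vulnerable in audit_plugins(root):
        print(f"{path}: {version} {'VULNERABLE, update' if vulnerable else 'patched'}")
```

The comparison is numeric per component, so 1.33.3 is correctly treated as older than 1.33.25.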

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm
spread: 2.2
impact: 10.0
exploitability: 6.1
remediation: 7.7
relevance: 0.0
threat: 3.4
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.