WordPress Plugins and Themes Arbitrary File Upload Vulnerability Allowing Remote Code Execution

Vulnerability

A vulnerability allowing arbitrary file uploads has been identified in multiple WordPress plugins and themes. This issue arises from a missing capability check in the ajaxUploadFonts() function, affecting various versions. Authenticated attackers with Subscriber-level access and above can exploit this vulnerability to upload files that may lead to remote code execution. While this issue was partially patched, it remains exploitable.

Impact

Exploitation of this vulnerability allows authenticated users to upload arbitrary files, potentially leading to remote code execution.

Remediation

No known patch is available. It is recommended to review the vulnerability details and consider uninstalling the affected software.
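Because the advisory names the vulnerable function but not the individual plugins and themes, the review can start by locating every installed component that defines ajaxUploadFonts() and checking whether its body calls current_user_can(). The following Python script is an added example, not code from the advisory or from any affected project. It assumes a standard wp-content layout, the sample PHP in demo() is constructed, and the brace matching is a heuristic: a reported capability check still needs manual review to confirm it is adequate.

```python
import re
import tempfile
from pathlib import Path

# Function name taken from the advisory; PHP function names are case-insensitive.
FUNC_RE = re.compile(r"function\s+ajaxUploadFonts\s*\(", re.I)
CAP_RE = re.compile(r"current_user_can\s*\(", re.I)

def function_body(source, start):
    """Return the brace-delimited body following `start` (naive: ignores braces in strings)."""
    open_idx = source.find("{", start)
    if open_idx == -1:
        return ""
    depth = 0
    for i in range(open_idx, len(source)):
        if source[i] == "{":
            depth += 1
        elif source[i] == "}":
            depth -= 1
            if depth == 0:
                return source[open_idx:i + 1]
    return source[open_idx:]  # unbalanced braces: return the remainder

def scan(wp_content):
    """Return (component, file name, has_capability_check) for every definition found."""
    root, findings = Path(wp_content), []
    for php in sorted(root.rglob("*.php")):
        text = php.read_text(errors="replace")
        for m in FUNC_RE.finditer(text):
            # First two path parts identify the component, e.g. plugins/<slug>
            component = "/".join(php.relative_to(root).parts[:2])
            checked = bool(CAP_RE.search(function_body(text, m.end())))
            findings.append((component, php.name, checked))
    return findings

def demo():
    """Run the scan over a constructed wp-content tree (sample PHP, not real plugin code)."""
    unchecked = "<?php class F { function ajaxUploadFonts() { $this->save($_FILES['font']); } }"
    guarded = ("<?php function ajaxUploadFonts() {\n"
               "  if (!current_user_can('manage_options')) { wp_die(); }\n"
               "  save_font($_FILES['font']);\n}")
    with tempfile.TemporaryDirectory() as tmp:
        for path, src in (("plugins/sample-a/fonts.php", unchecked),
                          ("themes/sample-b/inc/fonts.php", guarded)):
            target = Path(tmp, path)
            target.parent.mkdir(parents=True)
            target.write_text(src)
        return scan(tmp)

if __name__ == "__main__":
    print(*demo(), sep="\n")
```

On a real site, call scan() with the path to wp-content. Any component reported with False is a candidate for removal under the remediation guidance above.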

Added: Jun 9, 2025, 7:46 PM
Updated: Jun 9, 2025, 7:46 PM

Vulnerability Rating

Custom Algorithm

spread: 0.0
impact: 10.0
exploitability: 5.2
remediation: 0.0
relevance: 0.0
threat: 0.0
urgency: 2.9
incentive: 1.7

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.