Primary

Context

Astra Security Suite WordPress Plugin Arbitrary File Upload Vulnerability

Vulnerability

A vulnerability allowing arbitrary file uploads has been identified in the Astra Security Suite – Firewall & Malware Scan plugin for WordPress, affecting all versions through 0.2. This issue arises from inadequate validation of remote URLs for zip downloads, combined with an easily guessable key, which enables unauthenticated attackers to upload arbitrary files to the affected site's server. Such uploads could potentially lead to remote code execution.

Impact

Exploitation of this vulnerability could allow for arbitrary file uploads, with the potential for remote code execution on the affected server.

Remediation

No known patch is available for this vulnerability. It is recommended to review the vulnerability details thoroughly and consider uninstalling the affected plugin.

Added: Nov 11, 2025, 5:09 AM

Updated: Nov 11, 2025, 5:09 AM

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

7.4

remediation

0.0

relevance

0.9

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Vulnerability Rating

Custom Algorithm

spread

0.0

impact

7.5

exploitability

7.4

remediation

0.0

relevance

0.9

threat

0.0

urgency

2.9

incentive

5.8

Our algorithm analyzes dozens of metrics to generate these 8 key vulnerability categories, which are then combined to calculate the overall risk score.

Astra Security Suite WordPress Plugin Arbitrary File Upload Vulnerability

Vulnerability

Impact

Remediation

Affected Products

CVSS Scores

References

Vulnerability Rating

Vulnerability Rating