Aeropage Sync for Airtable
cpe:2.3:a:aeropage:aeropage_sync_for_airtable:*:*:*:*:wordpress:*:*
- <= 3.2.0
The Aeropage Sync for Airtable WordPress plugin, in all versions up to and including 3.2.0, allows arbitrary file uploads because the 'aeropage_media_downloader' function does not adequately validate the type of the files it writes. Authenticated attackers with Subscriber-level access or higher can use it to upload arbitrary files to the affected site's server, which may lead to remote code execution.
Successful exploitation lets an attacker place files of their choosing on the server. Whether that becomes code execution depends on the file type and on where the file is written: a PHP file stored under a directory the web server serves can be requested directly and executed, whereas a file written outside the web root, or with a non-executable extension, is less immediately useful.
To reproduce the issue, an authenticated user with Subscriber-level access or higher uploads a file through the media downloader feature of the Aeropage Sync for Airtable plugin, version 3.2.0 or earlier. The plugin synchronizes Airtable data, including media attachments, and that attachment-download path accepts files without adequate type validation, so it can be abused to place malicious files on the WordPress site.
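The following PHP is an added illustration and is not code from the Aeropage Sync for Airtable plugin. It contrasts the weak pattern the advisory describes (a media downloader that writes a remote attachment into the uploads directory with no type check) with a hardened version built on WordPress core's own validation helpers. The function names, the 'example_sync' nonce action and the exact behaviour of the unsafe variant are assumptions for this example, not a description of the plugin's internals.

```php
<?php
// Added example. Not the plugin's code; helper names and the nonce action
// 'example_sync' are assumptions made for this illustration.

// WEAK PATTERN: fetch a remote attachment and write it under the uploads
// directory using the remote file name as-is. No capability check, no CSRF
// check, and no file-type validation, so "evil.php" lands in a web-served path.
function example_media_downloader_unsafe( $url ) {
    $body = wp_remote_retrieve_body( wp_remote_get( $url ) );
    $dir  = wp_upload_dir();
    $dest = trailingslashit( $dir['path'] ) . basename( wp_parse_url( $url, PHP_URL_PATH ) );
    file_put_contents( $dest, $body );
    return $dest;
}

// HARDENED PATTERN: gate on capability and nonce, fetch to a temp file,
// validate extension AND content against the site's allowed MIME types,
// then let core perform the move and create the attachment.
function example_media_downloader_safe( $url, $nonce ) {
    // Subscribers do not have 'upload_files' by default.
    if ( ! current_user_can( 'upload_files' ) ) {
        return new WP_Error( 'forbidden', 'Insufficient privileges.' );
    }
    if ( ! wp_verify_nonce( $nonce, 'example_sync' ) ) {
        return new WP_Error( 'bad_nonce', 'Invalid request.' );
    }
    $scheme = wp_parse_url( $url, PHP_URL_SCHEME );
    if ( ! in_array( $scheme, array( 'http', 'https' ), true ) ) {
        return new WP_Error( 'bad_url', 'Unsupported URL scheme.' );
    }

    require_once ABSPATH . 'wp-admin/includes/file.php';
    require_once ABSPATH . 'wp-admin/includes/media.php';
    require_once ABSPATH . 'wp-admin/includes/image.php';

    // download_url() stores the body in a temporary file outside the web root.
    $tmp = download_url( $url );
    if ( is_wp_error( $tmp ) ) {
        return $tmp;
    }

    // wp_check_filetype_and_ext() checks the extension against the allowed
    // MIME list and, for images and some other types, sniffs the real content.
    // An empty 'ext' or 'type' means the file is not permitted on this site.
    $name  = sanitize_file_name( basename( wp_parse_url( $url, PHP_URL_PATH ) ) );
    $check = wp_check_filetype_and_ext( $tmp, $name );
    if ( empty( $check['ext'] ) || empty( $check['type'] ) ) {
        @unlink( $tmp );
        return new WP_Error( 'bad_type', 'File type not allowed.' );
    }
    // Core may rename the file when the declared extension disagrees with
    // the detected content; honour that instead of trusting the remote name.
    if ( ! empty( $check['proper_filename'] ) ) {
        $name = $check['proper_filename'];
    }

    // media_handle_sideload() re-validates, moves the file into the uploads
    // directory with a unique name, and registers it as an attachment.
    $file_array = array( 'name' => $name, 'tmp_name' => $tmp );
    $attachment_id = media_handle_sideload( $file_array, 0 );
    if ( is_wp_error( $attachment_id ) ) {
        @unlink( $tmp );
    }
    return $attachment_id;
}
```

The important design point is that the hardened path never trusts the extension taken from the remote URL: the decision about what may be stored is delegated to the same allowlist WordPress applies to the media library, and the file only reaches a web-served directory after that decision has been made.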
Users are advised to update the Aeropage Sync for Airtable WordPress plugin to version 3.3.0 or later, where this vulnerability has been patched. Sites that ran a vulnerable version with open registration or other low-privilege accounts should also review the uploads directory for unexpected executable files (for example .php files) and their creation times.