CVE-2025-2512

19 Mar 2025

Título es
CVE-2025-2512

Mié, 19/03/2025 – 12:15

Tipo
CWE-434

Gravedad 2.0 Txt
Pendiente de análisis

Título en

CVE-2025-2512

Descripción en
The File Away plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check and missing file type validation in the upload() function in all versions up to, and including, 3.9.9.0.1. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.

19/03/2025

Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Gravedad 3.1 (CVSS 3.1 Base Score)
9.80

Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
CRITICAL

Referencias

https://plugins.trac.wordpress.org/browser/file-away/trunk/lib/cls/class.fileaway_management.php#L1094

https://wordpress.org/plugins/file-away/#developers

https://www.wordfence.com/threat-intel/vulnerabilities/id/9a93313d-a5d7-4109-93c5-b2da26e7a486?source=cve

Enviar en el boletín
Off