CVE-2025-2891
CVE-2025-2891
Título es
CVE-2025-2891
Mar, 01/04/2025 – 08:15
Tipo
CWE-434
Gravedad 2.0 Txt
Pendiente de análisis
Título en
CVE-2025-2891
Descripción en
The Real Estate 7 WordPress theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the 'template-submit-listing.php' file in all versions up to, and including, 3.5.4. This makes it possible for authenticated attackers, with Seller-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible if front-end listing submission has been enabled.
01/04/2025
01/04/2025
Vector CVSS:3.1
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Gravedad 3.1 (CVSS 3.1 Base Score)
8.80
Gravedad 3.1 Txt Gravedad 3.1 (CVSS 3.1 Base Score)
HIGH
Referencias
Enviar en el boletín
Off
