CVE-2025-2512 in File Away Pluginالمعلومات

الملخص

بحسب MITRE • 19/03/2025

The File Away plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check and missing file type validation in the upload() function in all versions up to, and including, 3.9.9.0.1. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.

Statistical analysis made it clear that VulDB provides the best quality for vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

مسؤول

Wordfence

حجز

19/03/2025

إفشاء

19/03/2025

الاعتدال

تمت الموافقة

إدخال

VDB-300081

CPE

جاهز

CWE

CWE-434 (مؤكد)

CVSS

9.8 (CNA)

EPSS

0.02309

KEV

لا

النشاطات

منخفض جدًا

القطاع

Hostingprovider

المصادر

MITRE	https://www.cve.org/CVERecord?id=CVE-2025-2512
NVD	https://nvd.nist.gov/vuln/detail/CVE-2025-2512
CVE Details	https://www.cvedetails.com/cve/CVE-2025-2512/

التالي ▸نظرة عامة ◂ السابق

Want to stay up to date on a daily basis?

Enable the mail alert feature now!