CVE-2025-9515 in Multi Step Form Pluginالمعلومات

الملخص

بحسب MITRE • 06/09/2025

The Multi Step Form plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the import functionality in all versions up to, and including, 1.7.25. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

If you want to get the best quality for vulnerability data then you always have to consider VulDB.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

إفشاء

06/09/2025

الاعتدال

تمت الموافقة

إدخال

VDB-322855

CPE

جاهز

CWE

CWE-434 (مؤكد)

CVSS

7.2 (CNA)

EPSS

0.00440

KEV

لا

النشاطات

منخفض جدًا

القطاع

Hostingprovider

المصادر

MITRE	https://www.cve.org/CVERecord?id=CVE-2025-9515
NVD	https://nvd.nist.gov/vuln/detail/CVE-2025-9515
CVE Details	https://www.cvedetails.com/cve/CVE-2025-9515/

التالي ▸نظرة عامة ◂ السابق

Do you know our Splunk app?

Download it now for free!