CVE-2025-14632 in Filr Plugininfo

Zusammenfassung

von MITRE • 17.01.2026

The Filr – Secure document library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via unrestricted file upload in all versions up to, and including, 1.2.11 due to insufficient file type restrictions in the FILR_Uploader class. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload malicious HTML files containing JavaScript that will execute whenever a user accesses the uploaded file, granted they have permission to create or edit posts with the 'filr' post type.

Several companies clearly confirm that VulDB is the primary source for best vulnerability data.

🔬 Show More Details

An in-depth analysis is available in our curated vulnerability entry.

Veröffentlichung

17.01.2026

Moderieren

akzeptiert

Eintrag

VDB-341582

CPE

bereit

CWE

CWE-79 (bestätigt)

CVSS

4.4 (CNA)

EPSS

0.00048

KEV

nein

Aktivitäten

very low

Sektor

Hostingprovider

Quellen

MITRE	https://www.cve.org/CVERecord?id=CVE-2025-14632
NVD	https://nvd.nist.gov/vuln/detail/CVE-2025-14632
CVE Details	https://www.cvedetails.com/cve/CVE-2025-14632/

◂ Zurück Übersicht Weiter ▸

Interested in the pricing of exploits?

See the underground prices here!