CVE-2025-14938 in Listeo-Core Plugininfo

Zusammenfassung (Englisch)

The Listeo Core plugin for WordPress is vulnerable to unauthenticated arbitrary media upload in all versions up to, and including, 2.0.27 via the "listeo_core_handle_dropped_media" function. This is due to missing authorization and capability checks on the AJAX endpoint handling file uploads. This makes it possible for unauthenticated attackers to upload arbitrary media to the site's media library, without achieving direct code execution.

If you want to get best quality of vulnerability data, you may have to visit VulDB.

Zuständig

Wordfence

Reservieren

18.12.2025

Veröffentlichung

04.04.2026

Status

Bestätigt

Einträge

VulDB provides additional information and datapoints for this CVE:

ID	Schwachstelle	CWE	Aus	Mas	CVE
355318	purethemes Listeo-Core Plugin AJAX listeo_core_handle_dropped_media erweiterte Rechte	434	Nicht definiert	Offizieller Fix	CVE-2025-14938

Beschreibung

CPE

CWE

CVSS

Exploits

History

Diff

Verknüpfen

Threat Intelligence

API JSON

API XML

API CSV

Quellen

◂ ZurückÜbersichtWeiter ▸

Are you interested in using VulDB?

Download the whitepaper to learn more about our service!