exploitDog

CVE-2025-12057

Опубликовано: 19 нояб. 2025

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

The WavePlayer WordPress plugin before 3.8.0 does not have authorization in an AJAX action as well as does not validate the file to be copied locally, allowing unauthenticated users to upload arbitrary file on the server and lead to RCE

Ссылки

https://wpscan.com/vulnerability/110db433-01ec-47ea-b74f-c3faa1757a3c/

EPSS

Процентиль: 36%

0.00151

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-434

Связанные уязвимости

GHSA-5h9q-jf3c-852w

CVSS3: 9.8

github

3 месяца назад

The WavePlayer WordPress plugin before 3.8.0 does not have authorization in an AJAX action as well as does not validate the file to be copied locally, allowing unauthenticated users to upload arbitrary file on the server and lead to RCE

EPSS

Процентиль: 36%

0.00151

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-434