exploitDog

CVE-2025-2005

Опубликовано: 02 апр. 2025

Источник: nvd

CVSS3: 9.8

EPSS Низкий

Описание

The Front End Users plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the file uploads field of the registration form in all versions up to, and including, 3.2.32. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.

Ссылки

https://wordpress.org/support/plugin/front-end-only-users/
Product
https://www.wordfence.com/threat-intel/vulnerabilities/id/102223a1-07f5-485b-a6af-49cf316d9797?source=cve
Third Party Advisory

Уязвимые конфигурации

Конфигурация 1

cpe:2.3:a:etoilewebdesign:front_end_users:*:*:*:*:*:wordpress:*:*

Версия до 3.2.32 (включая)

EPSS

Процентиль: 80%

0.01454

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-434

Связанные уязвимости

GHSA-w6ff-xghx-7936

CVSS3: 9.8

github

10 месяцев назад

The Front End Users plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the file uploads field of the registration form in all versions up to, and including, 3.2.32. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.

EPSS

Процентиль: 80%

0.01454

Низкий

9.8 Critical

CVSS3

Дефекты

CWE-434