File Upload Vulnerability in Iptanus Plugin for WordPress
CVE-2025-15546
Currently unrated
Key Information:
- Vendor: WordPress
- Status
- Vendor
- CVE Published: 14 June 2026
Badges
- Exploit Exists
- Public PoC
What is CVE-2025-15546?
The Iptanus File Upload WordPress plugin prior to version 5.1.7 is susceptible to a vulnerability that arises from improper file handling. Specifically, when the duplicatepolicy setting is configured to 'maintain both', a Time-of-Check to Time-of-Use (TOCTOU) race condition occurs between the file existence check and the file write operation. This flaw enables an authenticated attacker to overwrite files submitted by other users, potentially leading to unauthorized data manipulation or loss.
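The check-then-write pattern described above, next to an atomic alternative, as an added example that is not the plugin's code. The function names and the `name(1).ext` suffix scheme are assumptions, and the demo runs from the PHP CLI on constructed input.

```php
<?php
// Added illustration; function names and the "(n)" suffix scheme are assumptions.

// Racy "keep both": the existence check and the write are separate steps, so two
// concurrent requests can pick the same free name and the later write wins.
function store_racy(string $src, string $dir, string $name): string {
    $p = pathinfo(basename($name));
    $ext = isset($p['extension']) ? '.' . $p['extension'] : '';
    $dest = "$dir/{$p['basename']}";
    for ($i = 1; file_exists($dest); $i++) {      // time of check
        $dest = "$dir/{$p['filename']}($i)$ext";
    }
    copy($src, $dest);                            // time of use
    return $dest;
}

// Hardened "keep both": fopen() mode 'x' creates the file exclusively
// (O_CREAT|O_EXCL), so claiming a name and creating it is a single atomic step.
function store_exclusive(string $src, string $dir, string $name): string {
    $p = pathinfo(basename($name));
    $ext = isset($p['extension']) ? '.' . $p['extension'] : '';
    for ($i = 0; $i < 1000; $i++) {
        $dest = $i === 0 ? "$dir/{$p['basename']}" : "$dir/{$p['filename']}($i)$ext";
        $out = @fopen($dest, 'xb');               // false when the name is taken
        if ($out === false) {
            continue;                             // try the next suffix
        }
        $in = fopen($src, 'rb');
        stream_copy_to_stream($in, $out);
        fclose($in);
        fclose($out);
        return $dest;
    }
    throw new RuntimeException('could not claim a free file name');
}

// Constructed demo: two uploads of the same name end up in two distinct files.
$dir = sys_get_temp_dir() . '/keepboth_' . bin2hex(random_bytes(4));
mkdir($dir);
$src = "$dir/.incoming";
foreach (['first upload', 'second upload'] as $body) {
    file_put_contents($src, $body);
    $saved = store_exclusive($src, $dir, 'report.pdf');
    echo basename($saved), ' => ', file_get_contents($saved), PHP_EOL;
}
```

In a real upload handler the source would be the temporary upload file, validated with `is_uploaded_file()` before it is copied.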
Affected Version(s)
Iptanus File Upload: all versions before 5.1.7
Exploit Proof of Concept (PoC)
PoC code is written by security researchers to demonstrate that the vulnerability can be exploited. PoC code is also a key component for weaponization, which could lead to ransomware.