Unrestricted File Upload Vulnerability in Tourfic by Themefic
CVE-2025-24650

9.1 CRITICAL

Key Information:

Vendor: WordPress

Status
Vendor
CVE Published: 24 January 2025

What is CVE-2025-24650?

The unrestricted file upload vulnerability in Themefic's Tourfic plugin allows attackers to upload malicious files, such as web shells, to the server. This security flaw can potentially be exploited to execute unauthorized commands or take control of the affected system. Users are advised to upgrade to the latest versions and implement security measures to prevent unauthorized file uploads.

Affected Version(s)

Tourfic <= 2.15.3

CVSS V3.1

Score: 9.1
Severity: CRITICAL
Confidentiality: High
Integrity: High
Availability: High
Attack Vector: Network
Attack Complexity: Low
Privileges Required: High
User Interaction: None
Scope: Changed

Timeline

  • Vulnerability published

  • Vulnerability Reserved

Credit

l8BL (Patchstack Alliance)