Unrestricted File Upload Vulnerability in MojoJoomla WPAMS Plugin
CVE-2025-39402

9.9CRITICAL

Key Information:

Vendor: WordPress
Status: WPams
Vendor: CVE Published:; 19 May 2025

What is CVE-2025-39402?

The MojoJoomla WPAMS plugin for WordPress is susceptible to an unrestricted file upload vulnerability, which allows attackers to upload malicious files, potentially enabling remote code execution on the web server. This flaw can be exploited to upload a web shell, granting unauthorized access and control over the affected server. Users of WPAMS versions prior to 44.0 should take precautionary measures and apply available security updates to prevent exploitation.

Affected Version(s)

WPAMS <= 44.0 (17-08-2023)

References

https://patchstack.com/database/wordpress/plugin/apartmen...

vdb-entry

CVSS V3.1

Score:

9.9

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

Low

Privileges Required:

Low

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
May 19, 2025
Vulnerability Reserved
Apr 16, 2025

Credit

Trương Hữu Phúc / truonghuuphuc (Patchstack Alliance)