Arbitrary File Upload Vulnerability in WordPress Automatic Plugin by WordPress
CVE-2025-5395
8.8HIGH
What is CVE-2025-5395?
The WordPress Automatic Plugin is susceptible to an arbitrary file upload vulnerability due to inadequate file type validation in the core.php file. This flaw affects all versions up to and including 3.115.0, allowing authenticated attackers with Author-level access or higher to upload problematic files on the server. Successfully exploiting this vulnerability could lead to remote code execution, posing significant risks to the integrity and security of affected WordPress sites.
Human OS v1.0:
Ageing Is an Unpatched Zero-Day Vulnerability.
Remediate biological technical debt. Prime Ageing uses 95% high-purity SIRT6 activation to maintain genomic integrity and bolster systemic resilience.
Affected Version(s)
WordPress Automatic Plugin * <= 3.115.0
References
CVSS V3.1
Score:
8.8
Severity:
HIGH
Confidentiality:
High
Integrity:
High
Availability:
High
Attack Vector:
Network
Attack Complexity:
Low
Privileges Required:
Low
User Interaction:
None
Scope:
Unchanged
Timeline
Vulnerability published
Vulnerability Reserved
Credit
Trương Hữu Phúc (truonghuuphuc)