Unrestricted File Upload Vulnerability in Epiphyt Form Block by WordPress
CVE-2025-54693

9CRITICAL

Key Information:

Vendor: WordPress
Status: Form Block
Vendor: CVE Published:; 14 August 2025

What is CVE-2025-54693?

The Epiphyt Form Block plugin for WordPress has a vulnerability that allows for the unrestricted upload of files with dangerous types, enabling attackers to upload web shells to the web server. This flaw poses a significant risk to the security of web applications utilizing this plugin, potentially leading to unauthorized access and severe exploitation. The issue affects versions from n/a up to 1.5.5, and users are advised to implement appropriate security measures and update their plugins to mitigate risks.

Affected Version(s)

Form Block <= 1.5.5

References

https://patchstack.com/database/wordpress/plugin/form-blo...

vdb-entry

CVSS V3.1

Score:

Severity:

CRITICAL

Confidentiality:

High

Integrity:

High

Availability:

High

Attack Vector:

Network

Attack Complexity:

High

Privileges Required:

None

User Interaction:

None

Scope:

Changed

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Aug 14, 2025
Vulnerability Reserved
Jul 28, 2025

Credit

Phat RiO - BlueRock (Patchstack Alliance)