File Upload Vulnerability in WP Webhooks by Cozmoslabs
CVE-2025-66074

Currently unrated

Key Information:

Vendor: WordPress
Status: WP Webhooks
Vendor: CVE Published:; 18 December 2025

What is CVE-2025-66074?

An unrestricted file upload vulnerability has been identified in Cozmoslabs' WP Webhooks plugin, allowing attackers to exploit path traversal techniques. This vulnerability could enable unauthorized file uploads, potentially leading to further attacks on the server and compromised security of the WordPress site. Affected users should update to the latest version to mitigate risks.

Affected Version(s)

WP Webhooks <= n/a

References

https://vdp.patchstack.com/database/Wordpress/Plugin/wp-w...

vdb-entry

Download the Critical Vulnerability Management Cheat Sheet

Timeline

Vulnerability published
Dec 18, 2025
Vulnerability Reserved
Nov 21, 2025

Credit

Phat RiO - BlueRock | Patchstack Bug Bounty Program

JSON