CVE-2025-2005

Published Apr 2, 2025

Last updated 3 days ago

Overview

AI description

Generated using AI and has not been reviewed by Intruder. May contain errors.

CVE-2025-2005 affects the Front End Users plugin for WordPress, specifically versions up to and including 3.2.32. The vulnerability stems from a lack of file type validation in the file upload field of the registration form. This missing validation allows unauthenticated attackers to upload arbitrary files to the affected server. These files could include malicious PHP files (web shells), potentially leading to remote code execution and complete compromise of the server.

Description
The Front End Users plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the file uploads field of the registration form in all versions up to, and including, 3.2.32. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
Source: security@wordfence.com
NVD status: Awaiting Analysis

Risk scores

CVSS 3.1

Type: Primary
Base score: 9.8
Impact score: 5.9
Exploitability score: 3.9
Vector string: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Severity: CRITICAL

Weaknesses

CWE-434 (source: security@wordfence.com)
