- Description
- The File Away plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check and missing file type validation in the upload() function in all versions up to, and including, 3.9.9.0.1. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
- Source
- security@wordfence.com
- NVD status
- Received
CVSS 3.1
- Type
- Primary
- Base score
- 9.8
- Impact score
- 5.9
- Exploitability score
- 3.9
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
- Severity
- CRITICAL
- security@wordfence.com
- CWE-434
- Hype score
- Not currently trending
New post from https://t.co/uXvPWJy6tj (CVE-2025-2512 | thomstark File Away Plugin up to 3.9.9.0.1 on WordPress upload unrestricted upload) has been published on https://t.co/rfmnwfkTq3
@WolfgangSesin
19 Mar 2025
14 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
�� CVE-2025-2512 - WordPress - HIGH 🚨 🗓️ Date published 2025-03-19 12:15:14 UTC #WordPress #CyberSecurity #InfoSec #Vulnerability #TechNews https://t.co/RWoWforFZu
@vulns_space
19 Mar 2025
20 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-2512 The File Away plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check and missing file type validation in the upload() function i… https://t.co/kZeiP3a1L2
@CVEnew
19 Mar 2025
416 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-2512: CRITICAL] File Away plugin for WordPress (up to v3.9.9.0.1) has a security flaw allowing unauthenticated attackers to perform arbitrary file uploads, potentially leading to remote code execution.#cybersecurity,#vulnerability https://t.co/e32xNCOrtw https://t.co/JR
@CveFindCom
19 Mar 2025
39 Impressions
0 Retweets
1 Like
0 Bookmarks
0 Replies
0 Quotes