AI description
CVE-2025-3914 affects the Aeropage Sync for Airtable plugin for WordPress. It stems from a lack of file type validation in the `aeropage_media_downloader` function. This vulnerability is present in all versions up to and including 3.2.0. The absence of file type validation allows authenticated attackers with subscriber-level access or higher to upload arbitrary files to the affected server. This could potentially lead to remote code execution, thereby compromising the WordPress site.
- Description: The Aeropage Sync for Airtable plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'aeropage_media_downloader' function in all versions up to, and including, 3.2.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
- Source: security@wordfence.com
- NVD status: Received
CVSS 3.1
- Type: Primary
- Base score: 8.8
- Impact score: 5.9
- Exploitability score: 2.8
- Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity: HIGH
- security@wordfence.com: CWE-434
Hype score is a measure of social media activity compared against trending CVEs from the past 12 months. Max score 100.
- Hype score: 8
Hunters 🔥 Once again, the developer relied only on file extension and mime-type (CVE-2025-3914) 😜 Find these strings in your target code to get your next CVE: fopen( move_uploaded_file( $mimeType FILEINFO_MIME_TYPE $_FILES['file']['type'] in_array($mimeType file_put_content
@chux13786509
26 Apr 2025
2514 Impressions
10 Retweets
67 Likes
37 Bookmarks
0 Replies
0 Quotes
CVE-2025-3914 - WordPress - HIGH 🚨 🗓️ Date published 2025-04-26 06:15:16 UTC #WordPress #CyberSecurity #InfoSec #Vulnerability #TechNews https://t.co/z1OGRTtwar
@vulns_space
26 Apr 2025
31 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
[CVE-2025-3914: HIGH] WordPress plugin Aeropage Sync for Airtable is vulnerable to file uploads in 'aeropage_media_downloader' function, up to version 3.2.0, allowing attackers to upload files and possibly exe...#cve,CVE-2025-3914,#cybersecurity https://t.co/aEXz0lznnK https://t.
@CveFindCom
26 Apr 2025
44 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes
CVE-2025-3914 The Aeropage Sync for Airtable plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'aeropage_media_downloader' funct… https://t.co/RroaZ4pgVp
@CVEnew
26 Apr 2025
559 Impressions
0 Retweets
0 Likes
0 Bookmarks
0 Replies
0 Quotes