CVE-2025-5395 – WordPress Automatic Plugin Unvalidated File Upload Vulnerability

June 11, 2025

CVE ID : CVE-2025-5395

Published : June 11, 2025, 7:15 a.m. | 2 hours, 37 minutes ago

Description : The WordPress Automatic Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the ‘core.php’ file in all versions up to, and including, 3.115.0. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site’s server which may make remote code execution possible.

Severity: 8.8 | HIGH

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-29756 – SunGrow iSolarCloud MQTT Credentials Disclosure and Decryption Key Extraction Vulnerability

Next Article CVE-2024-35295 – Perfect Harmony GH180 Physical Access Configuration Change Vulnerability

CodeSOD: A Unique Way to Primary Key

BrowserStack launches Figma plugin for detecting accessibility issues in design phase

Parasoft brings agentic AI to service virtualization in latest release

Node.js vs. Python for Backend: 7 Reasons C-Level Leaders Choose Node.js Talent

The best CRM software with email marketing in 2025: Expert tested and reviewed

This multi-port car charger can power 4 gadgets at once – and it’s surprisingly cheap

I’m a wearables editor and here are the 7 Pixel Watch 4 rumors I’m most curious about

8 ways I quickly leveled up my Linux skills – and you can too

The Intersection of Agile and Accessibility – A Series on Designing for Everyone

The Intersection of Agile and Accessibility – A Series on Designing for Everyone

Zero Trust & Cybersecurity Mesh: Your Org’s Survival Guide

Execute Ping Commands and Get Back Structured Data in PHP

A Tomb Raider composer has been jailed — His legacy overshadowed by $75k+ in loan fraud

A Tomb Raider composer has been jailed — His legacy overshadowed by $75k+ in loan fraud

“I don’t think I changed his mind” — NVIDIA CEO comments on H20 AI GPU sales resuming in China following a meeting with President Trump

Galaxy Z Fold 7 review: Six years later — Samsung finally cracks the foldable code

CVE-2025-5395 – WordPress Automatic Plugin Unvalidated File Upload Vulnerability

CVE-2025-44658 – Netgear RAX30 PHP-FPM Misconfigured Extension Bypass Vulnerability

CVE-2025-7393 – Drupal Mail Login Authentication Bypass

Kindle’s new AI recap feature helps bring you up to speed – how to try it

Exploring modern CSS features such as scroll-state(stuck: top) and more

CVE-2025-43844 – Apache Retrieval-Based Voice Conversion WebUI Command Injection Vulnerability

CVE-2025-5564 – WordPress GC Social Wall Stored Cross-Site Scripting Vulnerability

Between Buzz and Reality: The CTEM Conversation We All Need

CVE-2025-6112 – Tenda FH1205 Buffer Overflow Vulnerability

Critical Linksys Router Flaw (CVE-2025-34037, CVSS 10.0) Actively Exploited by TheMoon Worm

How to disable Recall in Windows 11 (Registry script to turn off Recall AI)

CVE-2025-5395 – WordPress Automatic Plugin Unvalidated File Upload Vulnerability

Related Posts