CVE-2025-6206
BaseFortify
Publication date: 2025-06-24
Last updated on: 2025-08-13
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| coderevolution | aiomatic | to 2.5.1 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Aiomatic WordPress plugin, where the 'aiomatic_image_editor_ajax_submit' function lacks proper file type validation. This allows authenticated users with Subscriber-level access or higher to upload arbitrary files to the server. Exploiting this requires entering any value for the Stability.AI API key. The uploaded files could potentially lead to remote code execution on the affected site.
How can this vulnerability impact me? :
If exploited, this vulnerability can allow attackers with low-level authenticated access to upload malicious files to your server. This could lead to remote code execution, compromising the security and integrity of your website and server, potentially resulting in data theft, site defacement, or further attacks.