CVE-2025-28951
BaseFortify
Publication date: 2025-07-04
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the WordPress Bulk Featured Image plugin (up to version 1.2.2) allows an attacker with administrator privileges to upload any type of file to the website, including malicious files like web shells. These files can be executed to gain unauthorized access and control over the web server. It is classified as an Arbitrary File Upload vulnerability and falls under the OWASP Top 10 category A5: Security Misconfiguration. [1]
How can this vulnerability impact me? :
If exploited, this vulnerability can lead to a full website compromise. An attacker can upload and execute malicious backdoors, gaining unauthorized access to the server, potentially leading to data theft, site defacement, or further attacks. Although it requires administrator access to exploit, the impact is high with potential for confidentiality, integrity, and availability loss. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves monitoring for unauthorized file uploads, especially web shells, on the affected WordPress site. Since the vulnerability requires administrator privileges to exploit, reviewing recent admin activity logs for suspicious uploads is recommended. Additionally, server-side malware scanning is advised to detect any malicious files, as plugin-based scanners may be unreliable due to tampering. Specific commands are not provided in the resources, but typical approaches include scanning the web server directories for unexpected files and checking web server logs for unusual POST requests related to file uploads. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying virtual patching (vPatching) offered by Patchstack, which provides rapid protection without performance loss despite the absence of an official patch. Restrict administrator access to trusted users only, monitor for suspicious activity, and consider professional incident response if compromise is suspected. Server-side malware scanning is also recommended to identify and remove any malicious files uploaded via this vulnerability. [1]