CVE-2025-49414
BaseFortify
Publication date: 2025-07-04
Last updated on: 2026-04-23
Assigner: Patchstack
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-49414 is a critical vulnerability in the WordPress FW Gallery plugin (up to version 8.0.0) that allows unauthenticated attackers to upload arbitrary files, including malicious backdoors. This unrestricted file upload can lead to execution of malicious code on the affected website, enabling attackers to gain unauthorized access and control. [1]
How can this vulnerability impact me?
This vulnerability can severely impact you by allowing attackers to upload and execute malicious files on your website without authentication. This can lead to full compromise of the website, including data theft, defacement, unauthorized access, and potentially using the site as a launchpad for further attacks. The vulnerability has a maximum CVSS score of 10, indicating critical risk. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection involves monitoring for unauthorized file uploads, especially files of dangerous types or with unexpected extensions. Because the flaw allows arbitrary file uploads without authentication, reviewing web server logs for suspicious POST requests to the FW Gallery upload endpoints (in particular from unfamiliar clients or user agents) can reveal attempts, and requests that fetch .php files from the uploads directory indicate that an upload succeeded and is being executed. Server-side malware scanning is also recommended to find any uploaded backdoors. Plugin-based malware scanners are not recommended, since an attacker with code execution on the site can tamper with them. Specific commands are not provided in the resources. [1]
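The answer above describes the checks but gives no commands. The following script is an added example, not code from the BaseFortify page or from the FW Gallery plugin: it runs the three checks (POST requests at the plugin, requests for .php files under the uploads tree, and script files present on disk under uploads) over constructed sample log lines and a constructed uploads directory. Everything specific in it is an assumption: the access log is in Apache/nginx "combined" format, the plugin slug is taken to be `fw-gallery`, and the POST path and admin-ajax action in the sample lines are made up for illustration rather than the plugin's real upload endpoint.

```shell
#!/bin/sh
# Added example (not from the BaseFortify page or the FW Gallery project).
# Assumptions, all labelled: "combined" log format, plugin slug "fw-gallery",
# uploads under wp-content/uploads/. Sample data below is constructed.

# 1. POST requests aimed at the plugin. The bug is reachable without
#    authentication, so any POST at a plugin path from an unexpected
#    client (scripted user agent, odd hours, unknown IP) deserves review.
count_plugin_posts() {
    grep -Ei '"POST [^" ]*fw[-_]gallery' "$1" | wc -l | tr -d ' '
}

list_plugin_posts() {
    grep -Ei '"POST [^" ]*fw[-_]gallery' "$1"
}

# 2. Requests that execute something in the uploads tree. A .php file being
#    served from wp-content/uploads/ is the usual sign the upload succeeded.
count_uploads_php_hits() {
    grep -E '"(GET|POST) /wp-content/uploads/[^" ]*\.(php|phtml|phar)([?/ ]|$)' "$1" \
        | wc -l | tr -d ' '
}

# 3. Server-side sweep for script files under uploads. On a real host run
#    this as root or the web server user against the actual uploads path.
list_php_in_uploads() {
    find "$1" -type f \( -iname '*.php' -o -iname '*.phtml' \
        -o -iname '*.phar' -o -iname '*.php[0-9]' \)
}

count_php_in_uploads() {
    list_php_in_uploads "$1" | wc -l | tr -d ' '
}

# --- Constructed sample data so the script runs offline ---------------------
WORK=$(mktemp -d)
trap 'rm -rf "$WORK"' EXIT
LOG="$WORK/access.log"
# The plugin paths and the admin-ajax action name are invented for this sample.
cat >"$LOG" <<'EOF'
203.0.113.10 - - [04/Jul/2025:10:00:01 +0000] "GET /wp-content/plugins/fw-gallery/style.css HTTP/1.1" 200 1234 "-" "Mozilla/5.0"
203.0.113.10 - - [04/Jul/2025:10:00:05 +0000] "POST /wp-content/plugins/fw-gallery/upload.php HTTP/1.1" 200 45 "-" "python-requests/2.31"
198.51.100.7 - - [04/Jul/2025:10:01:00 +0000] "POST /wp-admin/admin-ajax.php?action=fw_gallery_upload HTTP/1.1" 200 12 "-" "curl/8.0"
192.0.2.5 - - [04/Jul/2025:10:02:00 +0000] "GET /wp-content/uploads/2025/07/shell.php?cmd=id HTTP/1.1" 200 80 "-" "curl/8.0"
192.0.2.5 - - [04/Jul/2025:10:03:00 +0000] "POST /wp-login.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
EOF

UPLOADS="$WORK/wp-content/uploads/2025/07"
mkdir -p "$UPLOADS"
: >"$UPLOADS/photo.jpg"
: >"$UPLOADS/shell.php"    # constructed stand-in for an uploaded backdoor

echo "POST requests to the plugin: $(count_plugin_posts "$LOG")"
list_plugin_posts "$LOG"
echo "Requests for .php under uploads: $(count_uploads_php_hits "$LOG")"
echo "Script files on disk under uploads: $(count_php_in_uploads "$WORK/wp-content/uploads")"
list_php_in_uploads "$WORK/wp-content/uploads"
```

On a real server replace `$LOG` with the site's access log and the `find` target with the actual `wp-content/uploads` directory, and treat any hit from the second or third check as a likely compromise rather than an attempt: at that point the page's advice to move to server-side scanning and professional incident response applies.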
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying the Patchstack virtual patch (vPatch) which automatically blocks attack attempts targeting this vulnerability until an official fix is released. It is also recommended to perform professional incident response and server-side malware scanning if compromise is suspected. Avoid relying solely on plugin-based malware scanners. Monitoring and restricting file uploads where possible can also help reduce risk. [1]
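The "restricting file uploads" advice above can be made concrete at the web server: even if a script file lands in the uploads directory, the server should refuse to execute or serve it. The script below is an added example, not code from the BaseFortify page or from the FW Gallery plugin. It assumes Apache 2.4 with `AllowOverride` permitting `<FilesMatch>` directives in `.htaccess`; the directory it writes to is a constructed temporary one. For nginx the equivalent is a `location` block returning 403 for script extensions under `/wp-content/uploads/`, which is not shown here.

```shell
#!/bin/sh
# Added example (not from the BaseFortify page or the FW Gallery project).
# Limits the impact of an unrestricted upload (CWE-434) by denying any
# script file under wp-content/uploads/ at the web server layer.
# Assumption: Apache 2.4 honouring <FilesMatch> in .htaccess.

# Write a deny rule into the uploads directory. "Require all denied" is an
# Apache 2.4 access-control directive, so it works regardless of whether PHP
# runs as mod_php or as PHP-FPM behind a proxy handler.
write_uploads_htaccess() {
    cat >"$1/.htaccess" <<'EOF'
# Never execute or serve script files from the uploads tree
<FilesMatch "\.(php|phtml|phar|php[0-9]|cgi|pl|py)$">
    Require all denied
</FilesMatch>
EOF
}

# Returns 0 when the uploads directory already carries a deny rule that
# covers PHP extensions, 1 otherwise.
uploads_blocks_php() {
    [ -f "$1/.htaccess" ] \
        && grep -q 'Require all denied' "$1/.htaccess" \
        && grep -Eq '<FilesMatch "[^"]*php' "$1/.htaccess"
}

# Apply the rule only if it is missing, so the check is safe to re-run.
ensure_uploads_protected() {
    if uploads_blocks_php "$1"; then
        echo "already protected: $1"
    else
        write_uploads_htaccess "$1"
        echo "wrote deny rule: $1/.htaccess"
    fi
}

# Constructed target directory so the script runs offline; on a real host
# point it at <docroot>/wp-content/uploads.
UPLOADS=$(mktemp -d)
trap 'rm -rf "$UPLOADS"' EXIT
ensure_uploads_protected "$UPLOADS"
ensure_uploads_protected "$UPLOADS"
cat "$UPLOADS/.htaccess"
```

This does not fix the plugin; it only stops an uploaded backdoor from being executed through the web server, and a file that was uploaded before the rule was applied still has to be found and removed, which is why the page pairs this kind of restriction with server-side scanning rather than offering it as a substitute.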