CVE-2025-5746
BaseFortify
Publication date: 2025-07-02
Last updated on: 2026-04-08
Assigner: Wordfence
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Drag and Drop Multiple File Upload (Pro) - WooCommerce plugin for WordPress. It allows unauthenticated attackers to upload arbitrary files to the affected site's server due to missing file type validation in a specific function (dnd_upload_cf7_upload_chunks()). Although PHP execution is generally disabled via a .htaccess file, remote code execution may still be possible in certain server configurations.
How can this vulnerability impact me?
The vulnerability can allow attackers to upload arbitrary files, potentially leading to remote code execution on the server. This can result in full compromise of the affected website, including data theft, site defacement, or using the server to launch further attacks.
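An added example, not code from the plugin or from this advisory: a Python audit that walks an upload directory, flags files a PHP handler could execute, and records whether a .htaccess file sits in the file's directory or a parent inside the audited root. The extension list, the function names and the sample tree are assumptions constructed for illustration; the plugin's real upload path is not given on this page, so pass it to audit_upload_dir() yourself.

```python
import os
import tempfile

# Assumed list of extensions commonly mapped to the PHP interpreter; adjust it
# to the handler mappings of the web server actually in use.
RISKY_EXTS = {"php", "php3", "php4", "php5", "php7", "phtml", "phar", "pht"}


def risky_parts(filename):
    """Return risky extensions found in any dot-separated part of the name."""
    # Every part is checked, so "x.php.jpg" and "x.PHP." are reported too.
    parts = filename.lower().rstrip(". ").split(".")[1:]
    return [p for p in parts if p in RISKY_EXTS]


def audit_upload_dir(root):
    """List risky files under root and whether a .htaccess covers each one."""
    root = os.path.abspath(root)
    covered, findings = {}, []
    for dirpath, dirs, files in os.walk(root):
        dirs.sort()  # deterministic traversal order
        # A .htaccess applies to its own directory and everything below it.
        # Presence only: servers that ignore .htaccess files get no protection.
        parent = os.path.dirname(dirpath)
        covered[dirpath] = ".htaccess" in files or covered.get(parent, False)
        for name in sorted(files):
            hits = risky_parts(name)
            if hits:
                findings.append({"path": os.path.join(dirpath, name),
                                 "extensions": hits,
                                 "htaccess_above": covered[dirpath]})
    return findings


def demo():
    """Audit a constructed sample tree (not real data) built in a temp dir."""
    with tempfile.TemporaryDirectory() as root:
        os.makedirs(os.path.join(root, "protected", "sub"))
        os.makedirs(os.path.join(root, "bare"))
        for rel in ("protected/.htaccess", "protected/photo.jpg",
                    "protected/sub/a.PHP", "bare/b.php.jpg"):
            open(os.path.join(root, *rel.split("/")), "w").close()
        return [(os.path.relpath(f["path"], root).replace(os.sep, "/"),
                 f["extensions"], f["htaccess_above"])
                for f in audit_upload_dir(root)]


if __name__ == "__main__":
    for row in demo():
        print(row)
```

A finding with `htaccess_above` set to False is the higher-priority one to triage, and any finding at all in an upload directory deserves a look at the web server's access logs for requests to that path.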