CVE-2025-7441
Unknown
Unknown - Not Provided
BaseFortify
Publication date: 2025-08-16
Last updated on: 2026-04-08
Assigner: Wordfence
Description
Description
The StoryChief plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.0.42. This vulnerability occurs through the /wp-json/storychief/webhook REST-API endpoint that does not have sufficient filetype validation. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wordpres | storychief | 1.0.42 |
Helpful Resources
Exploitability
CWE
KEV
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in the StoryChief plugin for WordPress allows unauthenticated attackers to upload arbitrary files through the /wp-json/storychief/webhook REST-API endpoint because it lacks sufficient filetype validation. This means attackers can potentially upload malicious files to the server.
How can this vulnerability impact me? :
This vulnerability can lead to remote code execution on the affected server, allowing attackers to run malicious code, compromise the website, steal data, or disrupt services.
Ask Our AI Assistant
Need more information? Ask your question to get an AI reply (Powered by our expertise)
0/70