CVE-2025-11499
BaseFortify
Publication date: 2025-11-01
Last updated on: 2025-11-04
Assigner: Wordfence
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| tablesome | wpforms | * |
| tablesome | gravity | * |
| tablesome | fluent | * |
| tablesome | tablesome_table | * |
| tablesome | forminator | * |
| tablesome | cf7 | * |
| wordpress | wordpress | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent plugin for WordPress, specifically in the function set_featured_image_from_external_url(). Due to missing file type validation in versions up to 1.1.32, unauthenticated attackers can upload arbitrary files to the affected site's server. This happens because the plugin does not properly validate that files uploaded as featured images are actually images, allowing malicious files to be uploaded. In some configurations where unauthenticated users can add featured images and a workflow trigger is created, this can lead to remote code execution.
How can this vulnerability impact me?
The vulnerability can allow unauthenticated attackers to upload arbitrary files to your WordPress server. If your site configuration permits unauthenticated users to add featured images and triggers workflows, attackers could exploit this to upload malicious files, potentially leading to remote code execution. This means attackers could run arbitrary code on your server, compromising the security and integrity of your website and possibly gaining full control over it.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves checking whether the affected WordPress site is running the Tablesome Table – Contact Form DB – WPForms, CF7, Gravity, Forminator, Fluent plugin at version 1.1.32 or earlier, and whether unauthenticated users can add featured images via workflow triggers. Specific detection commands are not provided in the resources. However, monitoring for unusual file uploads or unexpected featured image additions, especially from external URLs, may help identify exploitation attempts. Since the vulnerability involves arbitrary file uploads through the set_featured_image_from_external_url() function, reviewing web server logs for POST requests or uploads related to featured images, and checking the uploads directory for files whose extension or content is suspicious (for example, a file named as an image whose bytes are not image data), could be useful.
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating the Tablesome Table plugin to a version that includes the security patch which adds multiple layers of validation for remote images, as detailed in the changeset 3386484. This patch implements strict file type validation before and after downloading images, SSL verification, unique filename generation, and deletion of invalid files, preventing arbitrary file uploads. If updating is not immediately possible, disabling the feature or workflow triggers that allow unauthenticated users to add featured images can reduce risk. Additionally, restricting unauthenticated users from uploading files or adding featured images and monitoring for suspicious activity are recommended. [1, 3]
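The following PHP is an added illustration of the two defensive patterns described in the detection and mitigation answers above; it is not the Tablesome plugin's code and not the contents of changeset 3386484. It shows a hardened remote-image fetch that validates the URL before download, keeps TLS verification on, stores the result under a random filename, re-validates the bytes on disk after download and deletes anything that fails, plus an uploads-directory audit that reports files whose content does not match their extension. All function names, the extension allowlist and the size limit are assumptions chosen for the example; WordPress itself offers wp_check_filetype_and_ext() and wp_unique_filename() for the equivalent checks inside a plugin.

```php
<?php
// Added example (not the plugin's own code). Hypothetical function names.

const ALLOWED_IMAGE_TYPES = [           // constructed allowlist: extension => expected MIME
    'jpg'  => 'image/jpeg',
    'jpeg' => 'image/jpeg',
    'png'  => 'image/png',
    'gif'  => 'image/gif',
    'webp' => 'image/webp',
];
const MAX_IMAGE_BYTES = 5 * 1024 * 1024; // constructed limit: 5 MiB

/**
 * Pre-download check: only https URLs whose path ends in an allowed image
 * extension. Returns the lower-cased extension, or null to reject the URL.
 */
function pre_download_check(string $url): ?string {
    $parts = parse_url($url);
    if ($parts === false || ($parts['scheme'] ?? '') !== 'https' || empty($parts['host'])) {
        return null;
    }
    $ext = strtolower(pathinfo($parts['path'] ?? '', PATHINFO_EXTENSION));
    return isset(ALLOWED_IMAGE_TYPES[$ext]) ? $ext : null;
}

/**
 * Post-download check: the bytes on disk must really be an image of the type
 * the extension claims. libmagic's MIME sniff and the image header parse must
 * both agree with the extension; a PHP file renamed to .jpg fails here.
 */
function post_download_check(string $path, string $ext): bool {
    $expected = ALLOWED_IMAGE_TYPES[$ext];
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    if ($finfo->file($path) !== $expected) {
        return false;
    }
    $info = @getimagesize($path);
    return $info !== false && ($info['mime'] ?? null) === $expected;
}

/**
 * Download a remote image into $upload_dir under a random filename.
 * Returns the stored path, or null after deleting any file that failed validation.
 */
function set_featured_image_from_external_url_hardened(string $url, string $upload_dir): ?string {
    $ext = pre_download_check($url);
    if ($ext === null) {
        return null;
    }
    // Unique, unguessable filename instead of the remote URL's basename.
    $dest = rtrim($upload_dir, '/') . '/' . bin2hex(random_bytes(16)) . '.' . $ext;

    $fh = fopen($dest, 'xb');               // 'x' refuses to overwrite an existing file
    if ($fh === false) {
        return null;
    }
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_FILE           => $fh,
        CURLOPT_FOLLOWLOCATION => false,    // a redirect could move to a non-https origin
        CURLOPT_SSL_VERIFYPEER => true,     // certificate verification stays enabled
        CURLOPT_SSL_VERIFYHOST => 2,
        CURLOPT_MAXFILESIZE    => MAX_IMAGE_BYTES,
        CURLOPT_TIMEOUT        => 15,
    ]);
    $ok = curl_exec($ch);
    $status = curl_getinfo($ch, CURLINFO_HTTP_CODE);
    curl_close($ch);
    fclose($fh);

    if ($ok !== true || $status !== 200 || !post_download_check($dest, $ext)) {
        @unlink($dest);                     // invalid content is deleted, not left on disk
        return null;
    }
    return $dest;
}

/**
 * Detection aid: walk an uploads directory and list files that either carry a
 * non-image extension or whose bytes disagree with their image extension.
 * Sites that legitimately store PDFs or other documents need a broader allowlist.
 */
function audit_upload_dir(string $dir): array {
    $suspicious = [];
    $it = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($dir, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($it as $file) {
        $ext = strtolower($file->getExtension());
        if (!isset(ALLOWED_IMAGE_TYPES[$ext]) || !post_download_check($file->getPathname(), $ext)) {
            $suspicious[] = $file->getPathname();
        }
    }
    return $suspicious;
}

// Usage (paths are placeholders):
// $stored = set_featured_image_from_external_url_hardened('https://example.com/pic.png', '/var/www/wp-content/uploads');
// print_r(audit_upload_dir('/var/www/wp-content/uploads'));
```

The order of the checks is the point: the URL-level check is cheap but only looks at what the remote side claims, so it never decides on its own; the content check runs after the bytes are on disk, and a failure there removes the file before anything else (a workflow trigger, a thumbnail generator, a web request) can process it. The audit function reuses the same content check so that files already present from before the update can be reviewed with the same criteria.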