CVE-2025-11724
BaseFortify
Publication date: 2025-11-04
Last updated on: 2025-11-04
Assigner: Wordfence
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wordpress | wordpress | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
AI Powered Q&A
How can this vulnerability impact me?
This vulnerability can allow attackers to execute arbitrary code on your server, potentially leading to full system compromise, data theft, defacement, or further attacks within your environment.
Can you explain this vulnerability to me?
The EM Beer Manager plugin for WordPress has a vulnerability that allows authenticated users with subscriber-level access or higher to upload arbitrary files, including malicious PHP files, due to missing file type validation and missing authorization checks. This can lead to remote code execution on the server if the attacker can provide a mock HTTP server responding with specific JSON data.