CVE-2025-13536
BaseFortify
Publication date: 2025-11-27
Last updated on: 2025-11-27
Assigner: Wordfence
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| blubrry | powerpress | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
AI Powered Q&A
Can you explain this vulnerability to me?
The Blubrry PowerPress plugin for WordPress allows authenticated users with Contributor-level access or higher to upload arbitrary files to the server. In the 'powerpress_edit_post' function, the plugin validates file extensions but does not halt execution when that validation fails. As a result, attackers can upload malicious files, potentially leading to remote code execution on the affected site.
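The fail-open pattern described above, next to a fail-closed version, as an added example that is not the plugin's code. The function names, the allow-list and the sample file names are hypothetical and only illustrate why a failed extension check must abort before anything is written.

```php
<?php
// Added illustration. Hypothetical handlers, not PowerPress source code.
const ALLOWED_EXT = ['mp3', 'm4a', 'ogg', 'mp4']; // assumed media allow-list

function ext_ok(string $name): bool {
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    return in_array($ext, ALLOWED_EXT, true);
}

// Fail-open: the check runs and the error is recorded, but the write still happens.
function save_fail_open(string $name, string $bytes, string $dir, array &$errors): ?string {
    if (!ext_ok($name)) {
        $errors[] = "extension not allowed: $name";
        // Defect: no return here, so execution falls through to the write.
    }
    $dest = $dir . '/' . basename($name);
    file_put_contents($dest, $bytes);
    return $dest;
}

// Fail-closed: a failed check returns before any filesystem write.
function save_fail_closed(string $name, string $bytes, string $dir, array &$errors): ?string {
    if (!ext_ok($name)) {
        $errors[] = "extension not allowed: $name";
        return null;
    }
    // Store under a server-generated name that keeps only the validated extension.
    $ext  = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    $dest = $dir . '/' . bin2hex(random_bytes(8)) . '.' . $ext;
    file_put_contents($dest, $bytes);
    return $dest;
}

// Constructed sample input: one permitted and one non-permitted file name.
$dir = sys_get_temp_dir() . '/upload_demo_' . bin2hex(random_bytes(4));
mkdir($dir);
foreach (['episode.mp3', 'notes.php'] as $name) {
    foreach (['save_fail_open', 'save_fail_closed'] as $fn) {
        $errors = [];
        $path = $fn($name, 'constructed sample bytes', $dir, $errors);
        printf("%-16s %-12s stored=%-3s errors=%d\n",
            $fn, $name, $path === null ? 'no' : 'yes', count($errors));
    }
}
array_map('unlink', glob("$dir/*")); // clean up the demo directory
rmdir($dir);
```

Only the fail-open handler stores the non-permitted file even though it logged the validation error, which is the condition to look for when reviewing upload handlers.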
How can this vulnerability impact me?
This vulnerability can allow attackers with Contributor-level access or above to upload arbitrary files to your server, which may lead to remote code execution. This means attackers could execute malicious code on your server, potentially compromising the website, stealing data, defacing the site, or using the server for further attacks.