CVE-2025-14045
Unknown Unknown - Not Provided
Unauthorized Safe File Upload in WordPress URL Media Uploader Plugin

Publication date: 2025-12-12

Last updated on: 2025-12-15

Assigner: Wordfence

Description
The URL Media Uploader plugin for WordPress is vulnerable to unauthorized safe file uploads due to a missing capability check on the url_media_uploader_url_upload_ajax_handler() function in all versions up to, and including, 1.0.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload safe media files.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-12-12
Last Modified
2025-12-15
Generated
2026-06-16
AI Q&A
2025-12-12
EPSS Evaluated
2026-06-15
NVD
CVE-2025-14045
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
wordpress wordpress *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-862 The product does not perform an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Detection Guidance

This vulnerability can be detected by checking if the WordPress site is running the URL Media Uploader plugin version 1.0.1 or earlier and if authenticated users with Contributor-level access or higher can upload media files via the plugin's AJAX handler without proper capability checks. Detection can involve monitoring AJAX POST requests to the endpoint handling url_media_uploader_url_upload_ajax_handler and verifying if unauthorized uploads occur. A practical approach is to inspect AJAX requests in the browser developer console or server logs for POST requests containing media URLs submitted by users with Contributor roles. Additionally, you can check the plugin version installed. Specific commands are not provided in the resources, but you can use WordPress CLI to check plugin versions and roles, and monitor HTTP requests via server logs or tools like tcpdump or Wireshark for suspicious AJAX POST requests to the plugin's upload handler. [2]

Mitigation Strategies

Immediate mitigation steps include updating the URL Media Uploader plugin to version 1.0.1 or later, which includes fixes for this vulnerability. If updating is not immediately possible, implement a capability check in the plugin's AJAX handler function `url_media_uploader_url_upload_ajax_handler()` to verify that the authenticated user has the `upload_files` capability before processing uploads. This can be done by adding the following code after nonce verification: `if (!current_user_can('upload_files')) { wp_send_json_error(array('message' => 'You do not have permission to upload files.')); return; }`. Additionally, monitor and restrict Contributor-level users from uploading media files until the patch is applied. Ensure nonce verification is enabled to prevent CSRF attacks. These steps prevent unauthorized media uploads and privilege escalation. [2]

Executive Summary

The vulnerability in the URL Media Uploader plugin for WordPress allows authenticated users with Contributor-level access or higher to upload safe media files without proper authorization checks. This happens because the url_media_uploader_url_upload_ajax_handler() function lacks a capability check, enabling these users to perform uploads they might not otherwise be permitted to do.

Impact Analysis

This vulnerability could allow users with Contributor-level access or above to upload media files without proper authorization, potentially leading to unauthorized content being added to the WordPress site. While the files must be safe media files, this could still lead to content integrity issues or misuse of upload functionality.

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-14045. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart