CVE-2025-4954

Published: Jun 10, 2025Modified: Jul 2, 2025

8.8

Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Exploitability: 2.8 / Impact: 5.9

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

The Axle Demo Importer WordPress plugin through 1.0.3 does not validate files to be uploaded, which could allow authenticated users (author and above) to upload arbitrary files such as PHP on the server

Affected (1)

Products: Axlethemes: Axle Demo Importer

Axlethemes

1 product

Axle Demo Importer

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Axlethemes Axle Demo Importer	Up to 1.0.3

Related CWEs

CWE-434

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (1)

https://wpscan.com/vulnerability/673f35ff-e1d5-4099-86e7-8b6e3e410ef8/

Source: contact@wpscan.com

ExploitThird Party Advisory

Timeline

No history available yet.