CVE-2025-8889

Published: Sep 9, 2025Modified: Jan 30, 2026

3.8

Vector

CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:L/I:L/A:N

Exploitability: 1.2 / Impact: 2.5

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0 (Secondary)

Description

The Compress & Upload WordPress plugin before 1.0.5 does not properly validate uploaded files, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup)

Affected (1)

Products: Eliehanna: Compress And Upload Plugin

1 product

Compress And Upload Plugin

Configuration A

1 vulnerable

Vulnerable Software	Affected Versions
Eliehanna Compress And Upload Plugin	Before 1.0.5

Related CWEs

Unrestricted Upload of File with Dangerous Type

The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.

References (1)

https://wpscan.com/vulnerability/5d84a577-62aa-4aa2-ac39-b146eae65243/

Source: contact@wpscan.com

ExploitThird Party Advisory

Timeline

No history available yet.