- Description
- The External image replace plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'external_image_replace_get_posts::replace_post' function in all versions up to, and including, 1.0.8. This makes it possible for authenticated attackers, with contributor-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible.
- Source
- security@wordfence.com
- NVD status
- Awaiting Analysis
CVSS 3.1
- Type
- Primary
- Base score
- 8.8
- Impact score
- 5.9
- Exploitability score
- 2.8
- Vector string
- CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity
- HIGH
- security@wordfence.com
- CWE-434
CVE-2025-4279 HIGH (8.8) muromuro - External image replace * https://t.co/IYeJgPFZuw https://t.co/X0r00N79dW #CyberCron #VulnAlert #InfoSec https://t.co/1JE3BRBGul
@cybercronai
7 May 2025
CVE-2025-4279 The External image replace plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'external_image_replace_get_posts::re… https://t.co/xgz9f9yhqo
@CVEnew
5 May 2025
[CVE-2025-4279: HIGH] WordPress External image replace plugin, up to version 1.0.8, has a security flaw allowing arbitrary file uploads, enabling attackers to execute remote code. Update or patch immediately. #cve,CVE-2025-4279,#cybersecurity https://t.co/GCKjjiKym1 https://t.co/8
@CveFindCom
5 May 2025