- Description: The Axle Demo Importer WordPress plugin through 1.0.3 does not validate files to be uploaded, which could allow authenticated users (author and above) to upload arbitrary files such as PHP on the server.
- Source: contact@wpscan.com
- NVD status: Awaiting Analysis

CVSS 3.1
- Type: Secondary
- Base score: 8.8
- Impact score: 5.9
- Exploitability score: 2.8
- Vector string: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
- Severity: HIGH
- Hype score: Not currently trending

wordpress | Axle Demo Importer <= 1.0.3 - Author+ Arbitrary File Upload CVE: CVE-2025-4954 | 8.8 (High) Researcher: Nxploited PoC: https://t.co/FYrcMBJYYL #cybersecurite #wordpress #hacker
@Nxploited
25 Jun 2025
discovered by Nxploited 🆔 CVE-2025-4954 📦 Plugin: Axle Demo Importer <= 1.0.3 🔓 Vulnerability: Author+ Arbitrary File Upload 💣 Severity: 9.1 (Critical) 📄 CVE details: https://t.co/ETERBDsBYG #BugBounty #CyberSecurity
@Nxploited
11 Jun 2025
CVE-2025-4954 The Axle Demo Importer WordPress plugin through 1.0.3 does not validate files to be uploaded, which could allow authenticated users (author and above) to upload arbitra… https://t.co/u1DljLXxMp
@CVEnew
10 Jun 2025