PT-2025-48094 · WordPress · Ai Feeds
Ryan Kozak
Published: 2025-11-25 · Updated: 2025-12-01
CVE-2025-13597
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
AI Feeds plugin for WordPress versions through 1.0.11
Description
The AI Feeds plugin for WordPress is susceptible to arbitrary file uploads because of a missing capability check in the actualizador git.php file. This allows unauthenticated attackers to download arbitrary GitHub repositories and overwrite plugin files on the affected server, potentially leading to remote code execution.
Recommendations
Update the AI Feeds plugin to a version newer than 1.0.11.
Exploit
Fix
RCE
Unrestricted File Upload
Weakness Enumeration
Related Identifiers
Affected Products
Ai Feeds