CVE-2025-13062

Name of the Vulnerable Software and Affected Versions Supreme Modules Lite versions prior to 2.5.63

Description The Supreme Modules Lite plugin for WordPress is susceptible to arbitrary file upload due to inadequate file type validation. The plugin incorrectly identifies JSON files, permitting files with double extensions to bypass sanitization. This allows authenticated attackers with author-level access or higher to upload arbitrary files to the server, potentially leading to remote code execution.

Recommendations Update Supreme Modules Lite to version 2.5.63 or later.