PT-2026-4566 · WordPress · Kalrav Ai Agent

Ryan Kozak · Published 2026-01-24 · Updated 2026-02-15

·

CVE-2025-13374

CVSS v3.1: 9.8 (Critical)

Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Kalrav AI Agent versions prior to 2.3.4

Description: The Kalrav AI Agent plugin for WordPress is susceptible to arbitrary file uploads because of a lack of file type validation in the kalrav upload file AJAX action. This allows unauthenticated attackers to upload arbitrary files to the affected server, potentially leading to remote code execution. The kalrav upload file action is the component responsible for handling file uploads.

Recommendations: Versions prior to 2.3.4 should be updated.

Exploit

Fix

RCE

Unrestricted File Upload

Weakness Enumeration

Related identifiers

CVE-2025-13374

Affected products

Kalrav Ai Agent