CVE-2025-2249

Name of the Vulnerable Software and Affected Versions SoJ SoundSlides plugin for WordPress version 1.2.2 and earlier

Description The SoJ SoundSlides plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the soj soundslides options subpanel() function. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload arbitrary files on the affected site's server, which may make remote code execution possible.

Recommendations For SoJ SoundSlides plugin for WordPress version 1.2.2 and earlier, update to a version that includes the fix for this issue. As a temporary workaround, consider disabling the soj soundslides options subpanel() function until a patch is available. Restrict access to the plugin to minimize the risk of exploitation. Avoid using the plugin until the issue is resolved.