CVE-2025-3914

Name of the Vulnerable Software and Affected Versions Aeropage Sync for Airtable plugin for WordPress versions up to, and including, 3.2.0

Description The Aeropage Sync for Airtable plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the aeropage media downloader function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server, which may make remote code execution possible.

Recommendations For Aeropage Sync for Airtable plugin for WordPress versions up to, and including, 3.2.0: Update to a version that includes the fix for this issue. As a temporary workaround, consider disabling the aeropage media downloader function until a patch is available. Restrict access to the vulnerable plugin to minimize the risk of exploitation. Avoid using the plugin until the issue is resolved.