CVE-2025-3917

Name of the Vulnerable Software and Affected Versions: 百度站长SEO合集 plugin for WordPress versions up to, and including, 2.0.6

Description: The issue is related to arbitrary file uploads due to missing file type validation in the download remote image to media library function. This allows unauthenticated attackers to upload arbitrary files on the affected site's server, which may make remote code execution possible.

Recommendations: For versions up to, and including, 2.0.6, upgrade to version 2.0.7 to fix the issue. As a temporary workaround, consider disabling the download remote image to media library function until a patch is available. Restrict access to the vulnerable plugin to minimize the risk of exploitation. Avoid using the plugin until the issue is resolved.