PT-2025-24617 · WordPress · Axle Demo Importer

Khaled Alenazi · Published 2025-06-10 · Updated 2025-06-25 · CVE-2025-4954

CVSS v3.1: 8.8 High

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Axle Demo Importer version 1.0.3

Description

The Axle Demo Importer WordPress plugin does not validate uploaded files, which could allow authenticated users (author and above) to upload arbitrary files, such as PHP files, to the server.

Recommendations

For version 1.0.3, consider disabling file upload functionality until a patch is available. Restrict access to the file upload feature to minimize the risk of exploitation. Avoid using the plugin until the issue is resolved. At the moment, there is no information about a newer version that contains a fix for this vulnerability.

Exploit

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2025-4954

Affected Products

Axle Demo Importer