CVE-2025-5395

Name of the Vulnerable Software and Affected Versions WordPress Automatic Plugin versions up to 3.115.0

Description The WordPress Automatic Plugin is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'core.php' file. This allows authenticated attackers with Author-level access and above to upload arbitrary files on the affected site's server, potentially leading to remote code execution.

Recommendations For versions up to 3.115.0, update to a version higher than 3.115.0 to resolve the issue. As a temporary workaround, consider restricting access to the 'core.php' file or disabling the plugin until a patch is available. Avoid using the plugin with Author-level access and above until the issue is resolved.