CVE-2025-4413

Name of the Vulnerable Software and Affected Versions Pixabay Images plugin for WordPress versions up to, and including, 3.4

Description The Pixabay Images plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the pixabay upload function. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server, which may make remote code execution possible.

Recommendations For Pixabay Images plugin for WordPress versions up to, and including, 3.4, update to a version that includes a fix for the missing file type validation in the pixabay upload function. At the moment, there is no information about a newer version that contains a fix for this vulnerability.