PT-2025-27876 · Unknown · Creedally Bulk Featured Image
Greenhats · Published 2025-07-04 · Updated 2025-07-09 · CVE-2025-28951
CVSS v3.1: 9.1 (Critical)
Vector: AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions:
CreedAlly Bulk Featured Image versions 1.2.1 and earlier
Description:
The software does not restrict the types of files that can be uploaded (unrestricted upload of files with dangerous types), which allows a web shell to be uploaded to the web server.
Recommendations:
For CreedAlly Bulk Featured Image versions 1.2.1 and earlier, consider restricting file uploads to only allow safe file types until a fix is available.
As a temporary workaround, restrict access to the file upload functionality to minimize the risk of exploitation.
Fix
Unrestricted File Upload
Affected Products
Creedally Bulk Featured Image