CVE-2025-6085

Name of the Vulnerable Software and Affected Versions Make Connector versions prior to 1.5.11

Description The Make Connector plugin for WordPress is susceptible to arbitrary file uploads due to inadequate file type validation within the upload media function. This allows authenticated attackers with Administrator-level access or higher to upload arbitrary files to the affected server, potentially leading to remote code execution.

Recommendations Update Make Connector to version 1.5.11 or later.