PT-2025-39947 · WordPress · Post By Email
Jonas Benjamin Friedli · Published 2025-09-30 · Updated 2025-10-05 · CVE-2025-9762
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Post By Email versions through 1.0.4b
Description
The Post By Email plugin for WordPress is susceptible to arbitrary file uploads because of a lack of file type validation within the save attachments function. This allows unauthenticated attackers to upload arbitrary files to the affected server, potentially leading to remote code execution. The save attachments function is the point of entry for this issue.
Recommendations
Versions prior to 1.0.4b should be updated to a newer version that addresses this issue.
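One way to perform the kind of file type validation the description says is missing, before an attachment is written to disk. This is an added example in plain PHP, not the plugin's code or its fix; the function name `validate_attachment`, the allowlist and the sample inputs are assumptions.

```php
<?php
// Added example, not the plugin's code. Names and allowlist are assumptions.
const ALLOWED_TYPES = [          // extension => expected MIME type
    'jpg' => 'image/jpeg', 'jpeg' => 'image/jpeg',
    'png' => 'image/png',  'gif'  => 'image/gif',
    'pdf' => 'application/pdf',
];

/**
 * Decide whether a mail attachment may be stored. Returns the name to store
 * it under, or null when the attachment must be dropped.
 */
function validate_attachment(string $senderName, string $bytes): ?string
{
    // 1. The extension comes from the sender, so it is only trusted if it
    //    is on the allowlist. Anything else (php, phtml, htaccess, ...) fails.
    $ext = strtolower(pathinfo($senderName, PATHINFO_EXTENSION));
    if (!array_key_exists($ext, ALLOWED_TYPES)) {
        return null;
    }
    // 2. The content must be what the extension claims, judged by magic bytes
    //    and not by the Content-Type header of the MIME part.
    $detected = (new finfo(FILEINFO_MIME_TYPE))->buffer($bytes);
    if ($detected !== ALLOWED_TYPES[$ext]) {
        return null;
    }
    // 3. Never reuse the sender's file name: a generated name removes path
    //    components and double extensions such as "x.php.gif".
    return bin2hex(random_bytes(16)) . '.' . $ext;
}

// Constructed sample attachments (not taken from a real message).
$gif = "GIF89a\x01\x00\x01\x00\x00\x00\x00;";
$php = "<?php echo 'constructed sample'; ?>";
$samples = [
    ['holiday.gif',  $gif],  // GIF content, allowed extension
    ['holiday.php',  $gif],  // GIF content, extension not on the allowlist
    ['holiday.gif',  $php],  // PHP source under an image extension
    ['../x.php.gif', $gif],  // sender-supplied path and double extension
];
foreach ($samples as [$name, $bytes]) {
    $stored = validate_attachment($name, $bytes);
    printf("%-14s => %s\n", $name, $stored ?? 'REJECTED');
}
```

A file that passes both checks can still contain embedded script text, so the upload directory should also be configured so that the web server does not execute PHP from it.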
Fix
RCE
OS Command Injection
Weakness Enumeration
Related Identifiers
Affected Products
Post By Email