PT-2025-44718 · WordPress · Wordpress Restful Content Syndication
Kenneth Dunn · Published 2025-11-01 · Updated 2025-11-01 · CVE-2025-12171
CVSS v3.1: 8.8 High
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
WordPress RESTful Content Syndication plugin versions 1.1.0 through 1.5.0
Description
The RESTful Content Syndication plugin for WordPress is affected by a flaw that allows authenticated attackers with Author-level access or higher to upload arbitrary files to the server. This is due to missing file type validation in the ingest_image() function. Successful exploitation may lead to remote code execution. The attacker requires access to a defined third-party server as specified in the plugin's settings.
Recommendations
Update the RESTful Content Syndication plugin to a version later than 1.5.0.
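The missing check described above, as an added example (not the plugin's code or its patch): a hypothetical helper, `safe_image_name()`, that validates bytes fetched from a syndication source before anything is written under the uploads directory. The allowlist and the sample inputs are assumptions constructed for illustration.

```php
<?php
// Added example: hypothetical helper, not the plugin's code or its patch.
const ALLOWED_IMAGE_TYPES = [            // assumed allowlist: MIME => extensions
    'image/jpeg' => ['jpg', 'jpeg'],
    'image/png'  => ['png'],
    'image/gif'  => ['gif'],
    'image/webp' => ['webp'],
];

/**
 * Return a server-chosen file name for fetched bytes, or null when the
 * content is not an allowed image. $remoteName comes from the remote feed
 * and is treated as untrusted.
 */
function safe_image_name(string $bytes, string $remoteName): ?string
{
    // 1. Derive the type from the content, not from the name or a header.
    $info = @getimagesizefromstring($bytes);
    if ($info === false || !isset(ALLOWED_IMAGE_TYPES[$info['mime']])) {
        return null;
    }
    $mime = $info['mime'];
    if ((new finfo(FILEINFO_MIME_TYPE))->buffer($bytes) !== $mime) {
        return null;                     // the two sniffers disagree
    }
    // 2. The remote extension must agree with the sniffed type. Image
    //    headers can be followed by script text, so content checks alone
    //    do not stop a file named *.php from being stored as executable.
    $base = basename(str_replace('\\', '/', $remoteName));
    $ext  = strtolower(pathinfo($base, PATHINFO_EXTENSION));
    if (!in_array($ext, ALLOWED_IMAGE_TYPES[$mime], true)) {
        return null;
    }
    // 3. Never reuse the remote name: random stem, canonical extension.
    return bin2hex(random_bytes(8)) . '.' . ALLOWED_IMAGE_TYPES[$mime][0];
}

// Constructed samples: a 1x1 GIF, the same bytes with script text appended
// under a .php name, and script text with no image header at all.
$gif   = base64_decode('R0lGODlhAQABAIAAAAAAAP///yH5BAEAAAAALAAAAAABAAEAAAIBRAA7');
$cases = [
    ['photo.gif', $gif],
    ['shell.php', $gif . '<?php /* constructed */'],
    ['notes.gif', '<?php /* constructed */'],
];
foreach ($cases as [$name, $bytes]) {
    printf("%-10s => %s\n", $name, safe_image_name($bytes, $name) ?? 'rejected');
}
```

Inside WordPress, the core function `wp_check_filetype_and_ext()` performs a comparable name-versus-content check for images.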
Fix
RCE
Unrestricted File Upload
Affected Products
Wordpress Restful Content Syndication