PT-2025-45549 · WordPress · Smart Auto Upload Images

Dieu Link

Published

2025-11-08

Updated

2025-11-13

CVE-2025-12161

CVSS v3.1

8.8

High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions Smart Auto Upload Images versions prior to 1.2.1

Description The Smart Auto Upload Images plugin for WordPress is affected by a flaw related to missing file type validation during the auto-image creation process. This allows authenticated attackers with Contributor-level access or higher to upload arbitrary files to the server, potentially leading to remote code execution. The plugin’s auto-image creation functionality does not properly check the type of uploaded files. This allows attackers to bypass security measures and upload malicious files.

Recommendations Versions prior to 1.2.1 should be updated to address this issue.

Fix

RCE

Unrestricted File Upload

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Weakness Enumeration

CWE-434

Related Identifiers

CVE-2025-12161

Affected Products

Smart Auto Upload Images

PT-2025-45549 · WordPress · Smart Auto Upload Images

CVE-2025-12161

Weakness Enumeration

Related Identifiers

Affected Products

References · 9