PT-2025-46248 · WordPress · Astra Security Suite – Firewall & Malware Scan
Kenneth Dunn · Published 2025-11-11 · Updated 2025-11-11
CVE-2025-11521
CVSS v3.1: 8.1 High (AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H)
Name of the Vulnerable Software and Affected Versions
Astra Security Suite – Firewall & Malware Scan plugin for WordPress versions up to 0.2
Description
The Astra Security Suite – Firewall & Malware Scan plugin for WordPress is susceptible to arbitrary file uploads. This is due to inadequate validation of remote URLs when downloading zip files and the use of predictable keys. Unauthenticated attackers can exploit this to upload arbitrary files to the server, potentially leading to remote code execution.
Recommendations
Update to a version beyond 0.2.
Fix
RCE
Improper Authorization
Affected Products
Astra Security Suite – Firewall & Malware Scan