PT-2025-47260 · WordPress · Wp Dropzone

Kenneth Dunn · Published 2025-11-18 · Updated 2025-11-23 · CVE-2025-12775

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

WP Dropzone versions prior to 1.1.1

Description

The WP Dropzone plugin for WordPress is susceptible to unauthorized file uploads. Authenticated attackers with subscriber-level access or higher can upload arbitrary files to the server through the ajax upload handle function. This is due to a flaw in the chunked upload functionality, which writes files to the uploads directory without proper file type validation. Successful exploitation may lead to remote code execution.

Recommendations

Update WP Dropzone to version 1.1.1 or later.

Fix

RCE

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2025-12775

Affected Products

Wp Dropzone