PT-2025-48094 · WordPress · Ai Feeds
Ryan Kozak · Published 2025-11-25 · Updated 2025-12-01
CVE-2025-13597
CVSS v3.1: 9.8 (Critical)
Vector: AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
AI Feeds plugin for WordPress versions through 1.0.11
Description
The AI Feeds plugin for WordPress is susceptible to arbitrary file uploads because of a missing capability check in the actualizador git.php file. This allows unauthenticated attackers to download arbitrary GitHub repositories and overwrite plugin files on the affected server, potentially leading to remote code execution.
Recommendations
Update the AI Feeds plugin to a version newer than 1.0.11.
Exploit
Fix
RCE
Unrestricted File Upload
Affected Products
Ai Feeds