PT-2025-48251 · WordPress · Blubrry Powerpress

Ismailshadow · Published 2025-11-27 · Updated 2025-11-29 · CVE-2025-13536

CVSS v3.1

8.8 High

Vector

AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions

Blubrry PowerPress versions up to and including 11.15.2

Description

The Blubrry PowerPress plugin for WordPress is susceptible to arbitrary file uploads due to inadequate file type validation. This occurs because the plugin validates file extensions but does not stop processing when validation fails within the powerpress_edit_post function. Authenticated attackers with Contributor-level access or higher can exploit this to upload arbitrary files to the affected server, potentially leading to remote code execution.

Recommendations

Versions up to and including 11.15.2 should be updated to a newer, fixed version. As a temporary workaround, consider restricting access to the powerpress_edit_post function to minimize the risk of exploitation.
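
The flaw class named in the description (an extension check whose failure does not stop processing), shown next to a fail-closed version. This is an added example, not code from PowerPress or from this advisory; the function names, the allowlist and the file names are hypothetical, and the input is constructed.

```php
<?php
// Added illustration with hypothetical names; this is not PowerPress code.
const ALLOWED_EXT = ['mp3', 'm4a', 'mp4', 'ogg', 'wav']; // constructed allowlist

function extension_allowed(string $name): bool {
    $ext = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    return in_array($ext, ALLOWED_EXT, true);
}

// Flawed pattern: the failure is recorded, but control falls through
// to the storage step, so the check has no effect on the outcome.
function store_flawed(string $name, string $bytes, string $dir, array &$errors): ?string {
    if (!extension_allowed($name)) {
        $errors[] = "extension not allowed: $name";
        // no return here: this is the defect
    }
    $dest = $dir . '/' . basename($name);
    file_put_contents($dest, $bytes);
    return $dest;
}

// Hardened pattern: fail closed, and store under a server-generated
// name that keeps only the extension that passed the allowlist.
function store_fixed(string $name, string $bytes, string $dir, array &$errors): ?string {
    if (!extension_allowed($name)) {
        $errors[] = "extension not allowed: $name";
        return null; // stop before anything touches the filesystem
    }
    $ext  = strtolower(pathinfo($name, PATHINFO_EXTENSION));
    $dest = $dir . '/' . bin2hex(random_bytes(8)) . '.' . $ext;
    file_put_contents($dest, $bytes);
    return $dest;
}

// Constructed demo input, written to a throwaway temp directory.
$dir = sys_get_temp_dir() . '/upload_demo_' . bin2hex(random_bytes(4));
mkdir($dir);
foreach (['episode.mp3', 'notes.php'] as $name) {
    $e1 = $e2 = [];
    $a = store_flawed($name, 'constructed sample bytes', $dir, $e1);
    $b = store_fixed($name, 'constructed sample bytes', $dir, $e2);
    printf("%-12s flawed=%s (%d error) fixed=%s\n", $name,
        $a === null ? 'rejected' : 'stored', count($e1),
        $b === null ? 'rejected' : 'stored');
}
array_map('unlink', glob($dir . '/*')); // clean up the demo files
rmdir($dir);
```

In the flawed handler the disallowed file is stored even though an error was logged for it, which is why an error message in the logs is not evidence that an upload was blocked.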

Fix

RCE

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2025-13536

Affected Products

Blubrry Powerpress