PT-2025-48251 · WordPress · Blubrry Powerpress

Ismailshadow · Published 2025-11-27 · Updated 2025-11-29 · CVE-2025-13536

CVSS v3.1: 8.8
Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions

Blubrry PowerPress versions up to and including 11.15.2

Description

The Blubrry PowerPress plugin for WordPress is vulnerable to arbitrary file upload because of inadequate file type validation: the powerpress_edit_post function validates file extensions but does not stop execution when validation fails. Authenticated attackers with Contributor-level access or higher can upload arbitrary files to the affected server, potentially leading to remote code execution.

Recommendations

Update Blubrry PowerPress to a version later than 11.15.2.
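The failure mode in the description, validation that reports an error but lets execution continue, is shown here beside a version that stops on failure. This is an added illustration in plain PHP, not PowerPress source code; the function names, the extension allowlist and the sample file are assumptions made for the example.

```php
<?php
// Added illustration; hypothetical names, not PowerPress source code.
const ALLOWED_EXT = ['mp3', 'm4a', 'mp4', 'ogg', 'wav']; // assumed allowlist

function extension_of(string $name): string {
    return strtolower(pathinfo($name, PATHINFO_EXTENSION));
}

// Flawed shape: the check runs and an error is recorded, but nothing
// stops the function, so the store step still executes.
function save_media_flawed(string $name, string $bytes, string $dir, array &$errors): ?string {
    if (!in_array(extension_of($name), ALLOWED_EXT, true)) {
        $errors[] = "File type not allowed: $name";
        // missing: return null;
    }
    $dest = $dir . '/' . basename($name);
    file_put_contents($dest, $bytes);
    return $dest;
}

// Corrected shape: a failed check ends the function before any write.
function save_media_fixed(string $name, string $bytes, string $dir, array &$errors): ?string {
    $ext = extension_of($name);
    if (!in_array($ext, ALLOWED_EXT, true)) {
        $errors[] = "File type not allowed: $name";
        return null; // fail closed
    }
    // Server-chosen name; the client-supplied name never reaches disk.
    $dest = $dir . '/' . bin2hex(random_bytes(8)) . '.' . $ext;
    file_put_contents($dest, $bytes);
    return $dest;
}

// Constructed sample input: a non-media file name with inert content.
$dir = sys_get_temp_dir() . '/upload_demo_' . bin2hex(random_bytes(4));
mkdir($dir);
foreach (['save_media_flawed', 'save_media_fixed'] as $fn) {
    $errors = [];
    $path = $fn('notes.txt', 'inert sample bytes', $dir, $errors);
    printf("%-18s errors=%d stored=%s\n", $fn, count($errors), $path === null ? 'no' : 'yes');
}
array_map('unlink', glob("$dir/*")); // clean up the demo directory
rmdir($dir);
```

Both functions record one error for the sample file, but only the flawed one also stores it, so an error message alone does not show that an upload was blocked.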

Fix

RCE

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2025-13536

Affected Products

Blubrry Powerpress