PT-2025-48709 · WordPress · Upload.Am
Published
2025-12-02
·
Updated
2025-12-02
·
CVE-2025-12630
CVSS v3.1
4.9
Medium
| Vector | AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N |
Name of the Vulnerable Software and Affected Versions
Upload.am WordPress plugin versions prior to 1.0.1
Description
The software contains a flaw where a missing capability check on an AJAX request handler allows users with contributor-level permissions to view site options. This could lead to unauthorized information disclosure.
Recommendations
Update to version 1.0.1 or later.
Exploit
Fix
Found an issue in the description? Have something to add? Feel free to write us 👾
Related Identifiers
Affected Products
Upload.Am