PT-2025-49207 · WordPress · Bread & Butter: Gate Content + Capture Leads + Collect First-Party Data + Nurture With Ai Agents
Ryan Kozak · Published 2025-12-05 · Updated 2026-03-16 · CVE-2025-12189
CVSS v3.1: 8.8 (High)
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:H/I:H/A:H
Name of the Vulnerable Software and Affected Versions
Bread & Butter: Gate content + Capture leads + Collect first-party data + Nurture with Ai agents plugin for WordPress versions prior to 7.10.1322
Description
The software is susceptible to a Cross-Site Request Forgery issue. This is due to inadequate or missing nonce validation within the uploadImage() function. An unauthenticated attacker could potentially upload arbitrary files, leading to possible remote code execution if they can successfully deceive a site administrator into performing an action, such as clicking a malicious link.
Recommendations
Versions prior to 7.10.1322 should be updated. As a temporary workaround, consider restricting access to the uploadImage() function until a patch is available.
Exploit
Fix
RCE
CSRF
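The description attributes the issue to missing nonce validation in an upload handler. The sketch below is an added example, not the plugin's code and not its actual fix: it shows the checks a WordPress AJAX upload handler typically needs (nonce, capability, file-type allow-list). The action name `bb_upload_image`, the `image` field and the function name are hypothetical.

```php
<?php
// Added illustration; not taken from the plugin. Hypothetical names:
// action/nonce 'bb_upload_image', form field 'image', bb_upload_image_handler().

// Register for logged-in users only (no wp_ajax_nopriv_ counterpart).
add_action('wp_ajax_bb_upload_image', 'bb_upload_image_handler');

function bb_upload_image_handler() {
    // 1. CSRF: require a nonce minted for this action in the user's own
    //    session. A forged cross-site request cannot supply a valid one.
    if (!check_ajax_referer('bb_upload_image', '_wpnonce', false)) {
        wp_send_json_error(array('message' => 'Invalid or missing nonce'), 403);
    }

    // 2. Authorization: a valid nonce is not a permission check.
    if (!current_user_can('upload_files')) {
        wp_send_json_error(array('message' => 'Forbidden'), 403);
    }

    if (empty($_FILES['image']) || !is_array($_FILES['image'])) {
        wp_send_json_error(array('message' => 'No file supplied'), 400);
    }

    // 3. Content restriction: allow-list image types so that a script file
    //    is rejected even if checks 1 and 2 were somehow satisfied.
    $allowed = array(
        'jpg|jpeg' => 'image/jpeg',
        'png'      => 'image/png',
        'gif'      => 'image/gif',
    );

    require_once ABSPATH . 'wp-admin/includes/file.php';
    $result = wp_handle_upload($_FILES['image'], array(
        'test_form' => false,    // no form 'action' field is posted via AJAX
        'mimes'     => $allowed, // extension and detected type must match
    ));

    if (isset($result['error'])) {
        wp_send_json_error(array('message' => $result['error']), 400);
    }
    wp_send_json_success(array('url' => $result['url']));
}

// Page that renders the upload form emits the matching token:
// wp_nonce_field('bb_upload_image', '_wpnonce');
```

`wp_send_json_error()` terminates the request, so each failed check stops processing before the file is touched.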
Affected Products
Bread & Butter: Gate Content + Capture Leads + Collect First-Party Data + Nurture With Ai Agents