PT-2025-50813 · WordPress · Infility Global

Kenneth Dunn · Published 2025-12-12 · Updated 2025-12-17 · CVE-2025-12968

CVSS v3.1: 8.8 (High)

Vector: AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Name of the Vulnerable Software and Affected Versions
Infility Global versions prior to 2.14.24

Description
The Infility Global plugin for WordPress is susceptible to arbitrary file uploads because of inadequate file type validation and missing capability checks. The upload file function within the infility import file class validates only the MIME type, which can be easily manipulated. Additionally, the import data function lacks proper capability checks. This allows authenticated attackers with subscriber-level access or higher to upload arbitrary files to the server, potentially leading to remote code execution.

Recommendations
Update Infility Global to version 2.14.24 or later.
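
For plugin authors reviewing similar upload handlers, the two missing controls named in the description (capability check and file type validation beyond the client-supplied MIME type) look like this in WordPress. This is an added example, not code from Infility Global or its fix; the action name, nonce name, form field, required capability and the CSV allow-list are all assumptions.

```php
<?php
// Added example: hypothetical handler, NOT the Infility Global source.
// Action name, nonce name, field name, capability and allow-list are assumptions.

add_action( 'wp_ajax_example_import_file', 'example_import_file' );

function example_import_file() {
    // 1. Capability check: wp_ajax_* hooks fire for any logged-in user,
    //    subscribers included, so the handler must authorize the caller itself.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'Forbidden', 403 );
    }

    // 2. CSRF protection: dies with 403 if the nonce is missing or invalid.
    check_ajax_referer( 'example_import_file', 'nonce' );

    if ( empty( $_FILES['import'] ) || UPLOAD_ERR_OK !== $_FILES['import']['error'] ) {
        wp_send_json_error( 'No file uploaded', 400 );
    }
    $file = $_FILES['import'];

    // Weak pattern described in the advisory (do not use): $file['type'] is
    // copied from the request's Content-Type header and is client-controlled.
    // if ( 'text/csv' === $file['type'] ) { move_uploaded_file( ... ); }

    // 3. Allow-list keyed by extension; anything else is rejected.
    $allowed = array( 'csv' => 'text/csv' );
    $checked = wp_check_filetype_and_ext( $file['tmp_name'], $file['name'], $allowed );
    if ( empty( $checked['ext'] ) || empty( $checked['type'] ) ) {
        wp_send_json_error( 'File type not allowed', 415 );
    }

    // 4. Let core move the file; it re-applies the same allow-list and
    //    sanitizes and de-duplicates the stored filename.
    require_once ABSPATH . 'wp-admin/includes/file.php';
    $result = wp_handle_upload( $file, array( 'test_form' => false, 'mimes' => $allowed ) );
    if ( isset( $result['error'] ) ) {
        wp_send_json_error( $result['error'], 400 );
    }

    wp_send_json_success( array( 'file' => basename( $result['file'] ) ) );
}
```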

Fix

Unrestricted File Upload

Weakness Enumeration

Related Identifiers: CVE-2025-12968

Affected Products: Infility Global