PT-2026-3340 · Filr · Filr

Published 2026-01-17 · Updated 2026-01-17 · CVE-2025-14632

CVSS v3.1: 4.4 (Medium)

Vector: AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N

Name of the Vulnerable Software and Affected Versions

Filr versions prior to 1.2.12

Description

The Filr plugin for WordPress is affected by a Stored Cross-Site Scripting issue. This is due to insufficient file type restrictions in the FILR Uploader class, allowing malicious HTML files containing JavaScript to be uploaded. An authenticated attacker with Administrator-level access or higher can exploit this by uploading a malicious file. When a user accesses the uploaded file, with appropriate permissions to create or edit posts with the 'filr' post type, the JavaScript will execute.

Recommendations

Update Filr to version 1.2.12 or later.

Fix

Unrestricted File Upload

Weakness Enumeration

Related Identifiers

CVE-2025-14632

Affected Products

Filr