CVE-2025-15546

None

No severity ratings or metrics are available. When they are, we'll update the corresponding info on the page.

The Iptanus File Upload WordPress plugin before 5.1.7 does not implement proper file handling when the duplicatepolicy setting is configured to "maintain both." Due to a Time-of-Check to Time-of-Use (TOCTOU) race condition between the file existence check and the actual file write operation, an authenticated attacker can overwrite files uploaded by other users.

Exploit

Found an issue in the description? Have something to add? Feel free to write us 👾

dbugs@ptsecurity.com

Related Identifiers

CVE-2025-15546

Affected Products

Undefined

CVE-2025-15546

Related Identifiers

Affected Products

References · 2