VulnerAlert



WORDPRESS
15-12-2025 23:16

CVE-2025-14045 Vulnerabilidad documentada

Sin puntuación
Tags
#wordpress
#plugin
#attackers
#authenticated
#vulnerable
#attack
#access
#unauthorized
Descripción
The URL Media Uploader plugin for WordPress is vulnerable to unauthorized safe file uploads due a missing capability check on the url_media_uploader_url_upload_ajax_handler() function in all versions up to, and including, 1.0.1. This makes it possible authenticated attackers, with Contributor-level access above, upload media files.
https://gist.github.com/jasoncarle/925401bb11833b1ced2342390e20718e
https://plugins.trac.wordpress.org/browser/url-media-uploader/tags/1.0.1/url-media-uploader.php#L52
https://plugins.trac.wordpress.org/browser/url-media-uploader/trunk/url-media-uploader.php#L52
https://www.wordfence.com/threat-intel/vulnerabilities/id/57f09da9-0d2c-45db-b3ed-19a7c9f5a001?source=cve
https://gist.github.com/jasoncarle/925401bb11833b1ced2342390e20718e
Referencia
Link externo
Ver detalles

Fuente
https://nvd.nist.gov/vuln/detail/CVE-2025-14045
Resultados similares
Coincidentes en almenos en 50% de los tags
16-12-2025 CVE-2025-13741
The Schedule Post Changes With PublishPress Future: Unpublish, Delete, Change Status, Trash, Ch...
Ver información
16-12-2025 CVE-2025-11220
The Elementor plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the plugin'...
Ver información
Icons made by Freepik from www.flaticon.com
Este Proyecto fue cofinanciado por el Consejo Nacional de Ciencia y Tecnología (CONACYT) a través del PROINNOVA 2021/2023
Proyecto realizado por