Lucene search
+L

CVE-2025-23968

🗓️ 03 Jul 2025 18:49:18Reported by PatchstackType 
cve
 cve
🔗 web.nvd.nist.gov📰️ 1 Media mentions👁 41 Views🌐 WEB

Arbitrary File Upload vulnerability in AiBud WP plugin allows dangerous file uploads to server

Related
Detection
Affected
Refs
Paths
Social
ReporterTitlePublishedViews
Family
GithubExploit
Exploit for CVE-2025-23968
3 Jul 202519:34
githubexploit
Circl
CVE-2025-23968
3 Jul 202521:40
circl
CNNVD
WordPress plugin AiBud WP 代码问题漏洞
3 Jul 202500:00
cnnvd
Cvelist
CVE-2025-23968 WordPress AiBud WP plugin <= 1.9 - Arbitrary File Upload vulnerability
3 Jul 202518:49
cvelist
EUVD
EUVD-2025-19896
3 Oct 202520:07
euvd
NVD
CVE-2025-23968
3 Jul 202519:15
nvd
Packet Storm
📄 AI Plugins 1.10.9 Shell Upload
3 Dec 202500:00
packetstorm
Packet Storm
📄 WordPress AI Buddy 1.8.5 Shell Upload
5 Dec 202500:00
packetstorm
Packet Storm
📄 WordPress AI Buddy 1.8.5 Shell Upload
4 Mar 202600:00
packetstorm
Packet Storm
📄 WordPress AI Bud 1.8.5 Shell Upload
4 Mar 202600:00
packetstorm
Rows per page
Vulners
Node
webfactoryaibud_wpRange1.9wordpress
[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "aibuddy-openai-chatgpt",
    "product": "AiBud WP",
    "vendor": "WebFactory",
    "versions": [
      {
        "lessThanOrEqual": "1.9",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]
ParameterPositionPathDescriptionCWE
logrequest body/wp-login.phpUnauthenticated login form can be abused to obtain an authenticated session for subsequent actions.CWE-434
pwdrequest body/wp-login.phpUnauthenticated login form can be abused to obtain an authenticated session for subsequent actions.CWE-434
wp-submitrequest body/wp-login.phpUnauthenticated login form can be abused to obtain an authenticated session for subsequent actions.CWE-434
redirect_torequest body/wp-login.phpUnauthenticated login form can be abused to obtain an authenticated session for subsequent actions.CWE-434
testcookierequest body/wp-login.phpUnauthenticated login form can be abused to obtain an authenticated session for subsequent actions.CWE-434
titlerequest body/wp-json/ai-buddy/v1/wp/attachmentsUpload endpoint used to upload a web shell via AI Buddy integration.CWE-434
captionrequest body/wp-json/ai-buddy/v1/wp/attachmentsUpload endpoint used to upload a web shell via AI Buddy integration.CWE-434
altrequest body/wp-json/ai-buddy/v1/wp/attachmentsUpload endpoint used to upload a web shell via AI Buddy integration.CWE-434
descriptionrequest body/wp-json/ai-buddy/v1/wp/attachmentsUpload endpoint used to upload a web shell via AI Buddy integration.CWE-434
urlrequest body/wp-json/ai-buddy/v1/wp/attachmentsUpload endpoint used to upload a web shell via AI Buddy integration.CWE-434
Rows per page

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

17 Jun 2026 08:57Current
5.9Medium risk
Vulners AI Score5.9
CVSS 3.19.1
EPSS0.00413
SSVC
41