CVE-2025-47550

🗓️ 07 May 2025 14:20:20Reported by PatchstackType

cve🔗 web.nvd.nist.gov👁 54 Views🌐 WEB

Unrestricted file upload in Themefic Instantio allows web shell upload on affected versions.

Reporter	Title	Published	Views	Family All 12
Circl	CVE-2025-47550	9 May 202513:00	–	circl
CNNVD	WordPress plugin Instantio 代码问题漏洞	7 May 202500:00	–	cnnvd
Cvelist	CVE-2025-47550 WordPress Instantio plugin <= 3.3.16 - Arbitrary File Upload Vulnerability	7 May 202514:20	–	cvelist
EUVD	EUVD-2025-13786	3 Oct 202520:07	–	euvd
GithubExploit	Exploit for Unrestricted Upload of File with Dangerous Type in Themefic Instantio	7 May 202522:15	–	githubexploit
NVD	CVE-2025-47550	7 May 202515:16	–	nvd
OSV	CVE-2025-47550	7 May 202515:16	–	osv
Patchstack	WordPress Instantio plugin <= 3.3.16 - Arbitrary File Upload Vulnerability	7 May 202512:41	–	patchstack
Positive Technologies	PT-2025-20163 · Unknown · Themefic Instantio	7 May 202500:00	–	ptsecurity
RedhatCVE	CVE-2025-47550	9 May 202515:25	–	redhatcve

NVD

Vulners

Node

themefic instantioRange≤3.3.16wordpress

[
  {
    "collectionURL": "https://wordpress.org/plugins",
    "defaultStatus": "unaffected",
    "packageName": "instantio",
    "product": "Instantio",
    "vendor": "Themefic",
    "versions": [
      {
        "changes": [
          {
            "at": "3.3.17",
            "status": "unaffected"
          }
        ],
        "lessThanOrEqual": "3.3.16",
        "status": "affected",
        "version": "0",
        "versionType": "custom"
      }
    ]
  }
]

Source	Link
patchstack	www.patchstack.com/database/Wordpress/Plugin/instantio/vulnerability/wordpress-instantio-3-3-16-arbitrary-file-upload-vulnerability

Parameter	Position	Path	Description	CWE
file[]	request body	wp-content/plugins/instantio/admin/tf-options/classes/Ins_TF_Settings.php	Unrestricted file upload due to improper MIME type validation allowing web shell upload	CWE-434

28 Apr 2026 16:12Current

7.2High risk

Vulners AI Score7.2

CVSS 3.16.6 - 7.2

EPSS0.00391

SSVC

CWE-434