2 matches found
Exploit for CVE-2025-7441
CVE-2025-7441 StoryChief = 1.0.42 - Unauthenticated Arbitr...
CVE-2025-7441 StoryChief <= 1.0.42 - Unauthenticated Arbitrary File Upload
The StoryChief plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.0.42. This vulnerability occurs through the /wp-json/storychief/webhook REST-API endpoint that does not have sufficient filetype validation. This makes it possible for unauthenticat...