3 matches found
CVE-2025-13065
The Starter Templates plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 4.4.41. This is due to insufficient file type validation detecting WXR files, allowing double extension files to bypass sanitization while being accepted as a valid WXR file. Th...
CVE-2025-13065
The CVE-2025-13065 vulnerability affects the WordPress Starter Templates plugin (versions up to and including 4.4.41). Root cause: insufficient file-type validation for WXR uploads allows double extensions to bypass sanitization, enabling an authenticated attacker with author-level access or high...
CVE-2025-13066
The Demo Importer Plus plugin for WordPress is vulnerable to arbitrary file upload in all versions up to, and including, 2.0.6. This is due to insufficient file type validation detecting WXR files, allowing double extension files to bypass sanitization while being accepted as a valid WXR file. Th...