11 matches found
Exploit for CVE-2025-12057
CVE-2025-12057 – WordPress WavePlayer RCE PoC Proof of Concep...
WordPress WavePlayer plugin <= 3.7.0 - Unauthenticated Arbitrary File Upload vulnerability
Unauthenticated Arbitrary File Upload vulnerability discovered by @zdenys in WordPress Plugin WavePlayer versions = 3.7.0...
VulnCheck KEV: CVE-2025-12057
The WavePlayer WordPress plugin before 3.8.0 does not have authorization in an AJAX action as well as does not validate the file to be copied locally, allowing unauthenticated users to upload arbitrary file on the server and lead to RCE...
CVE-2025-12057
The WavePlayer WordPress plugin before 3.8.0 does not have authorization in an AJAX action as well as does not validate the file to be copied locally, allowing unauthenticated users to upload arbitrary file on the server and lead to RCE...
EUVD-2025-198123
The WavePlayer WordPress plugin before 3.8.0 does not have authorization in an AJAX action as well as does not validate the file to be copied locally, allowing unauthenticated users to upload arbitrary file on the server and lead to RCE...
CVE-2025-12057
The WavePlayer WordPress plugin before 3.8.0 does not have authorization in an AJAX action as well as does not validate the file to be copied locally, allowing unauthenticated users to upload arbitrary file on the server and lead to RCE...
CVE-2025-12057 WavePlayer < 3.8.0 - Unauthenticated Arbitrary File Upload
The WavePlayer WordPress plugin before 3.8.0 does not have authorization in an AJAX action as well as does not validate the file to be copied locally, allowing unauthenticated users to upload arbitrary file on the server and lead to RCE...
CVE-2025-12057 WavePlayer < 3.8.0 - Unauthenticated Arbitrary File Upload
The WavePlayer WordPress plugin before 3.8.0 does not have authorization in an AJAX action as well as does not validate the file to be copied locally, allowing unauthenticated users to upload arbitrary file on the server and lead to RCE...
CVE-2025-12057
CVE-2025-12057 affects the WavePlayer WordPress plugin prior to version 3.8.0. The vulnerability arises from missing authorization in an AJAX action and lack of validation when copying files locally, allowing unauthenticated users to upload arbitrary files to the server and potentially achieve re...
WordPress plugin WavePlayer 安全漏洞
WordPress and WordPress plugin are both products of the WordPress Foundation.WordPress is a blogging platform developed using the PHP language. The platform has the ability to host personal blog sites on PHP and MySQL based servers.WordPress plugin is an application plugin. A security vulnerabili...
PT-2025-47439
Name of the Vulnerable Software and Affected Versions WavePlayer WordPress plugin versions prior to 3.8.0 Description The software does not have proper authorization checks for an AJAX action and lacks file validation when copying files locally. This allows unauthenticated users to upload arbitra...