5 matches found
CVE-2025-4391
The Echo RSS Feed Post Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the echogeneratefeaturedimage function in all versions up to, and including, 5.4.8.1. This makes it possible for unauthenticated attackers to upload arbitrary files...
CVE-2025-4391
creationtimestamp| type| source ---|---|--- 2025-05-17 06:43:08+00:00| seen| https://bsky.app/profile/cve.skyfleet.blue/post/3lpdwv3cpri2p 2025-05-17 17:01:23+00:00| seen| https://bsky.app/profile/2rZiKKbOU3nTafniR2qMMSE0gwZ.activitypub.awakari.com.ap.brid.gy/post/3lpezaisxuej2...
CVE-2025-4391
The Echo RSS Feed Post Generator plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the echogeneratefeaturedimage function in all versions up to, and including, 5.4.8.1. This makes it possible for unauthenticated attackers to upload arbitrary files...
CVE-2025-4391
The CVE-2025-4391 in Echo RSS Feed Post Generator for WordPress is a result of missing file type validation in the echo_generate_featured_image() function across all versions up to 5.4.8.1, enabling unauthenticated arbitrary file uploads and potentially remote code execution. Connected sources co...
WordPress Echo RSS Feed Post Generator plugin <= 5.4.8.1 - Unauthenticated Arbitrary File Upload vulnerability
Unauthenticated Arbitrary File Upload vulnerability discovered by Foxyyy in WordPress Plugin Echo RSS Feed Post Generator Plugin for WordPress versions = 5.4.8.1...