Themes Vulnerabilities

AI Hub - Startup & Technology WordPress Theme <= 1.3.3 - Unauthenticated Arbitrary File Upload

Description

The AI Hub plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.3.3. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.

Affects Themes

aihub
No known fix

References

CVE
CVE-2025-26927
URL
https://www.wordfence.com/threat-intel/vulnerabilities/id/2f7e7b03-e709-44b6-8ff9-f2f0b3836629

Miscellaneous

Original Researcher
luc
Verified
No
WPVDB ID
09172857-660d-4f61-8b7c-c2b28819e6e2

Timeline

Publicly Published
2025-04-10 (about 10 months ago)
Added
2025-04-22 (about 10 months ago)
Last Updated
2025-04-22 (about 10 months ago)

Other

Published
Title
Published
2022-08-09
Title
WPide < 3.0 - Admin+ Arbitrary File Edit & Upload
Published
2015-10-29
Title
WordPress File Upload <= 3.4.0 - Unauthenticated Malicious File Upload
Published
2014-08-01
Title
Simple Dropbox Upload - Arbitrary File Upload
Published
2014-08-01
Title
WP Marketplace 1.5.0-1.6.1 - Arbitrary File Upload
Published
2025-01-13
Title
WR Price List Manager For Woocommerce <= 1.0.8 - Authenticated (Subscriber+) Arbitrary File Upload