Inline Image Upload for BBPress < 1.1.20 – Authenticated (Subscriber+) Arbitrary File Upload | CVE 2025-2006 | Plugin Vulnerabilities

Description

The Inline Image Upload for BBPress plugin for WordPress is vulnerable to arbitrary file uploads due to missing file extension validation in the file uploading functionality in all versions up to, and including, 1.1.19. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. This may be exploitable by unauthenticated attackers when the "Allow guest users without accounts to create topics and replies" setting is enabled.

Affects Plugins

image-upload-for-bbpress

Fixed in 1.1.20

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/df09af41-399a-4878-8420-721f1198d895

Miscellaneous

Original Researcher

muhammad yudha

Verified

No

WPVDB ID

2a660b17-fccf-4d02-bad2-988520530e4a

Timeline

Publicly Published

2025-03-28 (about 1 year ago)

Added

2025-03-28 (about 1 year ago)

Last Updated

2025-04-07 (about 1 year ago)

Other

Published

Title

Published

2014-08-01

Title

Contact Form 7 <= 3.5.2 - File Upload Remote Code Execution

Published

2025-03-31

Title

Appointify <= 1.0.8 - Authenticated (Admin+) Arbitrary File Upload

Published

2020-04-02

Title

Art-Picture-Gallery <= 1.2.9 - Unauthenticated Arbitrary File Upload

Published

2014-08-01

Title

Sitemile Auctions 2.0.1.3 - wp-content/plugins/auctionPlugin/upload.php File Upload PHP Code Execution

Published

2024-10-30

Title

Stacks Mobile App Builder <= 5.2.3 - Unauthenticated Arbitrary File Upload