Elastic Theme Editor <= 0.0.3 – Authenticated (Subscriber+) Arbitrary File Upload | CVE 2025-12637 | Plugin Vulnerabilities

Description

The Elastic Theme Editor plugin for WordPress is vulnerable to arbitrary file uploads due to a dynamic code generation feature in the process_theme function in all versions up to, and including, 0.0.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

Affects Plugins

elastic-theme-editor

No known fix

References

CVE

URL

https://www.wordfence.com/threat-intel/vulnerabilities/id/e158a13d-5452-492a-875e-53791e1ff840

Classification

Type

RCE

OWASP top 10

CWE

CVSS

Miscellaneous

Original Researcher

kr0d

Verified

No

WPVDB ID

6c47e7f8-245d-4e63-b3e3-fbd3f8105830

Timeline

Publicly Published

2025-11-10 (about 4 months ago)

Added

2025-11-10 (about 4 months ago)

Last Updated

2025-11-11 (about 4 months ago)

Other

Published

Title

Published

2025-04-25

Title

Anps Theme plugin < 1.1.2 - Unauthenticated Arbitrary Shortcode Execution

Published

2025-02-07

Title

WP All Export Pro < 1.9.2 - Unauthenticated Remote Code Execution via Custom Export Fields

Published

2025-05-21

Title

Spreadsheet Price Changer for WooCommerce and WP E-commerce – Light <= 2.4.37 - Unauthenticated Remote Code Execution

Published

2023-09-19

Title

File Manager Pro < 1.8.1 - Admin+ Remote Code Execution

Published

2021-06-07

Title

Recently < 3.0.5 - Authenticated Code Injection