Skip to main content

WordPress CVE-2025-29009

CRITICAL
Unrestricted Upload of File with Dangerous Type (CWE-434)
2025-07-16 audit@patchstack.com
10.0
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
10.0 CRITICAL
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
Low
Privileges Required
None
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

4
Re-analysis Queued
Apr 23, 2026 - 15:42 vuln.today
cvss_changed
CVSS changed
Apr 23, 2026 - 15:42 NVD
10.0 (CRITICAL)
Analysis Generated
Apr 01, 2026 - 17:26 vuln.today
CVE Published
Jul 16, 2025 - 12:15 nvd
N/A

DescriptionCVE.org

Unrestricted Upload of File with Dangerous Type vulnerability in Webkul Medical Prescription Attachment Plugin for WooCommerce medical-prescription-attachment-plugin-for-woocommerce allows Upload a Web Shell to a Web Server.This issue affects Medical Prescription Attachment Plugin for WooCommerce: from n/a through <= 1.2.3.

AnalysisAI

Unrestricted file upload vulnerability in Webkul Medical Prescription Attachment Plugin for WooCommerce through version 1.2.3 allows attackers to upload web shells to the server, enabling remote code execution. The plugin fails to properly validate uploaded file types, permitting dangerous executable files to be stored in web-accessible directories. No CVSS score or public exploit code has been published; however, the low EPSS score (0.11%, 29th percentile) suggests minimal exploitation probability despite the high intrinsic severity of arbitrary file upload to WordPress environments.

Technical ContextAI

This vulnerability stems from CWE-434 (Unrestricted Upload of File with Dangerous Type), a classic WordPress plugin weakness where user-supplied file uploads bypass adequate type validation. The Medical Prescription Attachment Plugin for WooCommerce, deployed as a WordPress plugin extending WooCommerce functionality for medical prescription management, accepts file uploads without sufficiently restricting file extensions or MIME types. Attackers can exploit this to upload PHP, JSP, ASPX, or other executable files that the web server will process, leading to arbitrary code execution in the context of the WordPress application. The vulnerability affects the plugin's core upload handling mechanism, likely in request handlers that process prescription attachments without whitelisting safe file types or enforcing content-based validation.

Affected ProductsAI

Webkul Medical Prescription Attachment Plugin for WooCommerce versions up to and including 1.2.3. The plugin is deployed as a WordPress plugin component extending WooCommerce e-commerce and prescription management functionality. No specific CPE identifier for this WordPress plugin is available in the provided data; affected installations are identified by plugin slug 'medical-prescription-attachment-plugin-for-woocommerce' and active versions <= 1.2.3. Detailed vulnerability information is available via the Patchstack WordPress vulnerability database reference.

RemediationAI

Update Webkul Medical Prescription Attachment Plugin for WooCommerce to version 1.2.4 or later, which should include fixes for file upload validation. Administrators should immediately deactivate and remove the vulnerable plugin if patched versions are not available, or implement temporary controls by restricting upload endpoint access via Web Application Firewall (WAF) rules to authenticated users only if functional requirements permit. Additionally, scan the server for suspicious files in WordPress plugin upload directories (typically wp-content/uploads/) for signs of web shell implantation using file integrity monitoring or security plugins. Consult the Patchstack vulnerability database for updated patch availability and specific version release notes at https://patchstack.com/database/Wordpress/Plugin/medical-prescription-attachment-plugin-for-woocommerce/vulnerability/wordpress-medical-prescription-attachment-plugin-for-woocommerce-1-2-3-arbitrary-file-upload-vulnerability.

CVE-2016-10045 CRITICAL POC
9.8 Dec 30

The isMail transport in PHPMailer before 5.2.20 might allow remote attackers to pass extra parameters to the mail comman

CVE-2023-6553 CRITICAL POC
9.8 Dec 15

The Backup Migration plugin for WordPress is vulnerable to Remote Code Execution in all versions up to, and including, 1

CVE-2024-5084 CRITICAL POC
9.8 May 23

The Hash Form - Drag & Drop Form Builder plugin for WordPress is vulnerable to arbitrary file uploads due to missing fil

CVE-2024-8353 CRITICAL POC
9.8 Sep 28

The GiveWP - Donation Plugin and Fundraising Platform plugin for WordPress is vulnerable to PHP Object Injection in all

CVE-2020-36847 CRITICAL POC
9.8 Jul 12

The Simple File List plugin for WordPress through version 4.2.2 contains an unauthenticated remote code execution vulner

CVE-2025-11749 CRITICAL POC
9.8 Nov 05

The AI Engine WordPress plugin through version 3.1.3 exposes Bearer Token values through the /mcp/v1/ REST API endpoint

CVE-2016-1209 CRITICAL POC
9.8 May 14

The Ninja Forms plugin before 2.9.42.1 for WordPress allows remote attackers to conduct PHP object injection attacks via

CVE-2024-4443 CRITICAL POC
9.8 May 22

The Business Directory Plugin - Easy Listing Directories for WordPress plugin for WordPress is vulnerable to time-based

CVE-2024-1698 CRITICAL POC
9.8 Feb 27

SQL injection in the NotificationX WordPress plugin (versions up to and including 2.8.2) allows unauthenticated remote a

CVE-2023-6875 CRITICAL POC
9.8 Jan 11

The POST SMTP Mailer - Email log, Delivery Failure Notifications and Best Mail SMTP for WordPress plugin for WordPress i

CVE-2024-1512 CRITICAL POC
9.8 Feb 17

The MasterStudy LMS WordPress Plugin - for Online Courses and Education plugin for WordPress is vulnerable to union base

CVE-2024-3495 CRITICAL POC
9.8 May 22

The Country State City Dropdown CF7 plugin for WordPress is vulnerable to SQL Injection via the ‘cnt’ and 'sid' paramete

Share

CVE-2025-29009 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy