Farost Energia CVE-2025-50002
CRITICALSeverity by source
AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionCVE.org
Unrestricted Upload of File with Dangerous Type vulnerability in Farost Energia energia allows Upload a Web Shell to a Web Server.This issue affects Energia: from n/a through <= 1.1.2.
AnalysisAI
Farost Energia WordPress plugin allows unrestricted file upload enabling attackers to upload web shells and achieve remote code execution on the WordPress server.
Technical ContextAI
The Energia plugin by Farost has a CWE-434 unrestricted upload vulnerability that accepts files of any type without validation, allowing attackers to upload executable PHP files.
Affected ProductsAI
Farost Energia WordPress plugin
RemediationAI
Remove or update the plugin. Implement file type whitelist validation.
Same technique File Upload
View allShare
External POC / Exploit Code
Leaving vuln.today