How to fix CVE-2025-5395?

Within 24 hours: Audit all user accounts with Author-level or higher permissions and review recent file uploads for suspicious activity. Within 7 days: Disable the WordPress Automatic Plugin entirely until a patch is released, or restrict plugin functionality through code modifications if business operations depend on it. Within 30 days: Monitor vendor security announcements for patch availability and implement a formal policy review for plugin permissions and access controls.

Is PHP affected by CVE-2025-5395?

The WordPress Automatic Plugin contains a critical file upload vulnerability that allows authenticated users with Author-level access to upload malicious files and potentially execute code on your servers.

CVE-2025-5395

EUVD-2025-18086 HIGH

2025-06-11 [email protected]

8.8

CVSS 3.1

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Attack Vector

Network

Attack Complexity

Low

Privileges Required

Low

User Interaction

None

Scope

Unchanged

Confidentiality

High

Integrity

High

Availability

High

Lifecycle Timeline

Analysis Generated

Mar 14, 2026 - 21:09 vuln.today

EUVD ID Assigned

Mar 14, 2026 - 21:09 euvd

EUVD-2025-18086

CVE Published

Jun 11, 2025 - 07:15 nvd

HIGH 8.8

Description

The WordPress Automatic Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'core.php' file in all versions up to, and including, 3.115.0. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

Analysis

The WordPress Automatic Plugin (all versions up to 3.115.0) contains an arbitrary file upload vulnerability in core.php due to insufficient file type validation, allowing authenticated attackers with Author-level or higher privileges to upload malicious files and potentially achieve remote code execution. This is a high-severity vulnerability (CVSS 8.8) affecting a widely-deployed WordPress plugin; real-world exploitation requires valid WordPress credentials at Author level or above, but successful exploitation enables complete server compromise.

Technical Context

The vulnerability exists in the WordPress Automatic Plugin, a content automation and scheduling plugin for WordPress (CPE: wp:automatic). The root cause is CWE-434 (Unrestricted Upload of File with Dangerous Type), stemming from inadequate file type validation in the core.php file. The plugin fails to properly validate file extensions or MIME types before accepting uploaded files, allowing an attacker to bypass file type restrictions. Unlike unauthenticated arbitrary file upload vulnerabilities, this requires valid WordPress user credentials with Author capability (post authoring/publishing permissions) or above, reducing the immediate attack surface but still representing significant risk in multi-user WordPress environments, agency/client sites, or compromised low-privilege accounts.

Affected Products

WordPress Automatic Plugin (All versions up to and including 3.115.0); WordPress Automatic Plugin (3.116.0 and later (inferred))

Priority Score

Low Medium High Critical

KEV: 0

EPSS: +0.5

CVSS: +44

POC: 0

CVE-2025-5395 vulnerability details – vuln.today

Back

CVE-2025-5395

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Priority Score

Share

CVE-2025-5395

CVSS Vector

Lifecycle Timeline

Tags

Description

Analysis

Technical Context

Affected Products

Priority Score

Share

External POC / Exploit Code