CVE-2025-67910
CRITICALSeverity by source
AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Primary rating from NVD · only source for this CVE.
CVSS VectorNVD
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H
Lifecycle Timeline
4DescriptionCVE.org
Unrestricted Upload of File with Dangerous Type vulnerability in contentstudio Contentstudio contentstudio allows Upload a Web Shell to a Web Server.This issue affects Contentstudio: from n/a through <= 1.3.7.
AnalysisAI
Contentstudio WordPress plugin (through 1.3.7) allows unauthenticated web shell upload, enabling immediate server compromise.
Technical ContextAI
No file type validation on uploads (CWE-434). Unauthenticated attackers can upload PHP files that execute as web shells.
Affected ProductsAI
Contentstudio WordPress plugin through 1.3.7
RemediationAI
Remove or update the plugin. Scan uploads directory for PHP files.
Same technique File Upload
View allShare
External POC / Exploit Code
Leaving vuln.today