Skip to main content

Filr CVE-2026-28133

HIGH
Unrestricted Upload of File with Dangerous Type (CWE-434)
2026-03-05 audit@patchstack.com
8.5
CVSS 3.1 · NVD
Share

Severity by source

NVD PRIMARY
8.5 HIGH
AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H

Primary rating from NVD · only source for this CVE.

CVSS VectorNVD

CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack Vector
Network
Attack Complexity
High
Privileges Required
Low
User Interaction
None
Scope
Changed
Confidentiality
High
Integrity
High
Availability
High

Lifecycle Timeline

5
Analysis Updated
Apr 28, 2026 - 13:29 vuln.today
v2 (cvss_changed)
CVSS changed
Apr 28, 2026 - 13:22 NVD
8.1 (HIGH) 8.5 (HIGH)
Re-analysis Queued
Apr 22, 2026 - 21:37 vuln.today
cvss_changed
Analysis Generated
Mar 12, 2026 - 22:06 vuln.today
CVE Published
Mar 05, 2026 - 06:16 nvd
HIGH 8.1

DescriptionCVE.org

Unrestricted Upload of File with Dangerous Type vulnerability in WP Chill Filr filr-protection allows Upload a Web Shell to a Web Server.This issue affects Filr: from n/a through <= 1.2.12.

AnalysisAI

Arbitrary file upload in Filr WordPress plugin versions ≤1.2.12 allows authenticated attackers with low privileges to upload web shells, achieving remote code execution with changed scope (S:C). Despite high CVSS 8.5, exploitation requires authentication and moderately complex conditions (AC:H). EPSS probability remains very low at 0.03% (10th percentile), and no active exploitation or public proof-of-concept has been identified. Patchstack disclosure indicates this is a targeted vulnerability requiring specific WordPress role permissions rather than mass-exploitable issue.

Technical ContextAI

This vulnerability stems from CWE-434 (Unrestricted Upload of File with Dangerous Type) in the Filr WordPress plugin by WP Chill. The plugin fails to properly validate file types and extensions during upload operations, allowing malicious file execution. The 'changed scope' indicator (S:C) in the CVSS vector suggests the vulnerability enables attackers to break out of the plugin's security context and execute code in the broader WordPress/web server environment. WordPress file upload vulnerabilities typically exploit inadequate MIME type checking, missing file extension whitelisting, or bypasses using double extensions or null bytes. The AC:H (high attack complexity) suggests exploitation requires specific knowledge of plugin internals, timing conditions, or non-default configurations that aren't universally present across all installations.

Affected ProductsAI

WordPress plugin Filr (also known as filr-protection) by WP Chill, all versions from earliest release through version 1.2.12 inclusive. The vulnerability report from Patchstack (audit@patchstack.com) identifies the specific affected range as n/a through ≤1.2.12, indicating all historical versions contain this flaw. No CPE identifier provided in available data. Vendor advisory and technical details available at Patchstack vulnerability database reference https://patchstack.com/database/Wordpress/Plugin/filr-protection/vulnerability/wordpress-filr-plugin-1-2-12-arbitrary-file-upload-vulnerability.

RemediationAI

Upgrade Filr plugin to version 1.2.13 or later if available (exact patched version not independently confirmed from provided data-verify current version status at WordPress plugin repository or Patchstack advisory at https://patchstack.com/database/Wordpress/Plugin/filr-protection/vulnerability/wordpress-filr-plugin-1-2-12-arbitrary-file-upload-vulnerability). If immediate upgrade is not feasible, implement compensating controls: restrict Filr plugin usage to only Administrator and Editor roles through WordPress capability filtering (side effect: legitimate Contributors/Authors lose access to plugin features); implement web application firewall rules to block PHP/executable file uploads to plugin directories (may cause false positives for legitimate file types); disable the Filr plugin entirely until patched version is confirmed and deployed (eliminates plugin functionality). Monitor WordPress user accounts with Contributor-level or higher permissions for suspicious activity. Review existing uploaded files in Filr directories for unexpected executable content (PHP, JSP, ASPX extensions).

Share

CVE-2026-28133 vulnerability details – vuln.today

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy