EUVD-2025-18541

CVE-2025-47452 | CRITICAL 9.9 (CVSS 3.1)
Published 2025-06-17 | Reporter: [email protected]

CVSS Vector

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:H/I:H/A:H
Attack Vector: Network
Attack Complexity: Low
Privileges Required: Low
User Interaction: None
Scope: Changed
Confidentiality: High
Integrity: High
Availability: High

Lifecycle Timeline

Analysis Generated: Mar 14, 2026 - 22:15 (vuln.today)
EUVD ID Assigned: Mar 14, 2026 - 22:15 (euvd), EUVD-2025-18541
CVE Published: Jun 17, 2025 - 15:15 (nvd), CRITICAL 9.9

Description

Unrestricted Upload of File with Dangerous Type vulnerability in RexTheme WP VR allows uploading a web shell to a web server. This issue affects WP VR: from n/a through 8.5.26.

Analysis

A critical unrestricted file upload vulnerability in the RexTheme WP VR plugin (versions through 8.5.26) allows authenticated users with low privileges to upload and execute arbitrary web shells on affected WordPress servers. With a CVSS score of 9.9, a network attack vector, and only low privileges required, it poses an immediate threat to WordPress installations running the affected plugin, and its ease of weaponization gives it significant potential for active exploitation.

Technical Context

This vulnerability stems from improper file upload validation in the WP VR plugin and is classified under CWE-434 (Unrestricted Upload of File with Dangerous Type). The affected component is a WordPress plugin that fails to perform adequate server-side validation of uploaded file types and content. Specifically, the plugin likely accepts uploads into user-accessible directories without verifying MIME types, file extensions, or executable content patterns, and may not set proper Content-Disposition headers or execution restrictions (e.g., .htaccess rules that prevent PHP execution in upload directories). The affected CPE would be approximately: cpe:2.4/a/rextheme:wp_vr:*:*:*:*:*:wordpress:*. The vulnerability affects all versions from an unspecified baseline through 8.5.26, indicating a long-standing issue.

Affected Products

RexTheme WP VR plugin: versions 0 (or unspecified) through 8.5.26 inclusive. Affected installations: WordPress sites running WP VR version ≤8.5.26 on which user authentication exists (even for low-privilege users). No specific vendor advisory URL was provided in the data, so remediation should reference the official RexTheme plugin repository or security advisory channel. The vulnerability affects WordPress multisite and single-site installations equally, provided the plugin is active.

Remediation

Immediate remediation:

(1) **Upgrade**: Update the WP VR plugin to version 8.5.27 or later (version number assumed from the affected range; verify against RexTheme official sources).

(2) **Interim mitigation** (if immediate patching is not possible): Disable the WP VR upload functionality via plugin settings or code-level restrictions; add .htaccess rules in the wp-content/uploads directory to prevent PHP execution (e.g., 'php_flag engine off'); restrict upload permissions to administrator-only users via role-based access control.

(3) **Detection**: Scan the WordPress file system for suspicious .php, .phtml, .php3, .php4, .php5, .pht, and .phar files in wp-content/uploads and plugin directories created after plugin deployment; audit WordPress user roles and revoke unnecessary upload capabilities from non-administrative accounts.

(4) **Response**: Review web server logs for POST requests to upload endpoints; check access logs for web shell execution indicators (unusual request patterns, outbound connections from web server processes).

Contact RexTheme support for official patched version confirmation and CVE advisory details.
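A file-system sweep implementing the detection step in (3), added here as an example and not part of the vuln.today record or the WP VR plugin; the extension list is the one given above, and the directory layout and sample files are constructed locally. Beyond the plain extension check it also flags a file whose name says image or text but whose bytes carry a PHP open tag, the usual sign of a disguised upload.

```python
import os
import re
import tempfile

# Extensions from the detection step above; matched anywhere in the file name so
# double extensions such as panorama.php.jpg are caught as well.
PHP_EXTS = {".php", ".phtml", ".php3", ".php4", ".php5", ".pht", ".phar"}
# A PHP open tag (or short echo tag) in a file that claims to be an image or
# text is the classic extension/content mismatch of a disguised web shell.
PHP_TAG = re.compile(rb"<\?(?:php|=)")


def classify(path):
    """Return a finding label for one file, or None if it looks benign."""
    parts = os.path.basename(path).lower().split(".")
    if {"." + p for p in parts[1:]} & PHP_EXTS:
        return "php-extension"
    try:
        with open(path, "rb") as fh:
            head = fh.read(64 * 1024)  # an open tag sits near the top of a shell
    except OSError:
        return None
    return "php-tag-in-non-php-file" if PHP_TAG.search(head) else None


def scan_uploads(root):
    """Walk an uploads tree; map path (relative to root) -> finding label."""
    findings = {}
    for dirpath, _, files in os.walk(root):
        for fname in files:
            full = os.path.join(dirpath, fname)
            label = classify(full)
            if label:
                findings[os.path.relpath(full, root)] = label
    return findings


def build_sample_tree():
    """Constructed sample uploads directory (not data from any real site)."""
    root = tempfile.mkdtemp(prefix="wp-uploads-")
    os.makedirs(os.path.join(root, "2025", "06"))
    samples = {
        "photo.jpg": b"\xff\xd8\xff\xe0 JFIF benign image bytes",
        "tour.phtml": b"<?php echo 'hello'; ?>",        # PHP-handler extension
        "panorama.php.jpg": b"<?php echo 'hello'; ?>",  # double extension
        "logo.png": b"\x89PNG <?= 'hello' ?>",          # PHP tag inside an "image"
    }
    for name, data in samples.items():
        with open(os.path.join(root, "2025", "06", name), "wb") as fh:
            fh.write(data)
    return root
```

Point scan_uploads at the real wp-content/uploads path to run it on a site; findings are labels only, and any flagged file should be preserved for forensic review rather than deleted in place.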

Priority Score

50
KEV: 0
EPSS: +0.1
CVSS: +50
POC: 0


EUVD-2025-18541 vulnerability details – vuln.today
