Skip to main content

Pt Luxa Addons

1 CVEs product

Monthly

CVE-2025-60218 CRITICAL Act Now

Arbitrary file upload in the PT Luxa Addons WordPress plugin (versions 1.2.2 and earlier) allows authenticated users with low-privilege Subscriber accounts to upload attacker-controlled files to a WordPress site, leading to remote code execution and full site compromise. The scope-changed CVSS 9.9 reflects that a minimally privileged WordPress user can pivot to code execution affecting the entire web server. No public exploit identified at time of analysis.

File Upload Pt Luxa Addons
NVD
CVSS 3.1
9.9
EPSS
0.4%
EPSS 0% CVSS 9.9
CRITICAL Act Now

Arbitrary file upload in the PT Luxa Addons WordPress plugin (versions 1.2.2 and earlier) allows authenticated users with low-privilege Subscriber accounts to upload attacker-controlled files to a WordPress site, leading to remote code execution and full site compromise. The scope-changed CVSS 9.9 reflects that a minimally privileged WordPress user can pivot to code execution affecting the entire web server. No public exploit identified at time of analysis.

File Upload Pt Luxa Addons
NVD

This site uses cookies essential for authentication and security. No tracking or analytics cookies are used. Privacy Policy