{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-10049", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-09-05T18:50:44.711Z", "datePublished": "2025-09-10T06:38:44.763Z", "dateUpdated": "2026-04-08T16:32:32.376Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:32:32.376Z"}, "affected": [{"vendor": "nik00726", "product": "Responsive Filterable Portfolio", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.0.24", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Responsive Filterable Portfolio plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the HdnMediaSelection_image field in all versions up to, and including, 1.0.24. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible."}], "title": "Responsive Filterable Portfolio <= 1.0.24 - Authenticated (Admin+) Arbitrary File Upload", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/017f5894-be0d-4b0f-82bd-13bf7e2ff53f?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset?old_path=/responsive-filterable-portfolio/tags/1.0.24&new_path=/responsive-filterable-portfolio/tags/1.0.25&sfp_email=&sfph_mail="}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type", "cweId": "CWE-434", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.2, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "Jonas Benjamin Friedli"}], "timeline": [{"time": "2025-09-06T04:22:51.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2025-09-09T18:22:56.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-09-10T13:38:46.886645Z", "id": "CVE-2025-10049", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-10T16:10:45.086Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-10049", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-09-10T13:38:46.886645Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-10T16:10:42.989Z"}}], "cna": {"title": "Responsive Filterable Portfolio <= 1.0.24 - Authenticated (Admin+) Arbitrary File Upload", "credits": [{"lang": "en", "type": "finder", "value": "Jonas Benjamin Friedli"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 7.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "nik00726", "product": "Responsive Filterable Portfolio", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "1.0.24"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-09-06T04:22:51.000Z", "value": "Vendor Notified"}, {"lang": "en", "time": "2025-09-09T18:22:56.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/017f5894-be0d-4b0f-82bd-13bf7e2ff53f?source=cve"}, {"url": "https://plugins.trac.wordpress.org/changeset?old_path=/responsive-filterable-portfolio/tags/1.0.24&new_path=/responsive-filterable-portfolio/tags/1.0.25&sfp_email=&sfph_mail="}], "descriptions": [{"lang": "en", "value": "The Responsive Filterable Portfolio plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the HdnMediaSelection_image field in all versions up to, and including, 1.0.24. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2025-09-10T06:38:44.763Z"}}}, "cveMetadata": {"cveId": "CVE-2025-10049", "state": "PUBLISHED", "dateUpdated": "2025-09-10T16:10:45.086Z", "dateReserved": "2025-09-05T18:50:44.711Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-09-10T06:38:44.763Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Responsive Filterable Portfolio plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation via the HdnMediaSelection_image field in all versions up to, and including, 1.0.24. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible."}], "id": "CVE-2025-10049", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-09-10T07:15:43.887", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset?old_path=/responsive-filterable-portfolio/tags/1.0.24&new_path=/responsive-filterable-portfolio/tags/1.0.25&sfp_email=&sfph_mail="}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/017f5894-be0d-4b0f-82bd-13bf7e2ff53f?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-22T22:15:32.960997+00:00", "value": {"mitigation_remediation": ["Upgrade the Responsive Filterable Portfolio plugin to version 1.0.25 or newer.", "If an upgrade is not immediately possible, disable or restrict the HdnMediaSelection_image upload feature to accept only safe file types and enforce MIME type checks at the application level.", "Ensure the server\u2019s file permissions and configuration prevent execution of files in the upload directory, and monitor upload logs for suspicious activity."], "summary": {"action": "Apply Patch", "impact": "Arbitrary File Upload leading to potential Remote Code Execution"}, "threat_synthesis": {"affected_systems": "WordPress sites that have the Responsive Filterable Portfolio plugin by nik00726 installed in any version up to and including 1.0.24 are affected. Users who can authenticate as administrators or higher are able to exploit the flaw.\n", "description_and_impact": "The Responsive Filterable Portfolio plugin allows an authenticated attacker with Administrator privileges to upload arbitrary files through the HdnMediaSelection_image field because the plugin does not validate the file type. This flaw can enable attackers to place malicious scripts or executables on the server, potentially leading to remote code execution.\n", "risk_and_exploitability": "The vulnerability has a CVSS score of 7.2, indicating moderate to high severity, and an EPSS score of less than 1%, suggesting a low current exploitation probability. It is not listed in the CISA KEV catalog. The attack requires legitimate administrator access; once the attacker can upload a file, they can place code in a web\u2011accessible location, potentially achieving remote code execution if the server executes uploaded files."}}}}, "created": "2026-04-22T22:30:28.822907+00:00", "updated": "2026-04-22T22:30:28.822931+00:00", "vendors": []}