{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-10647", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-09-17T18:04:48.301Z", "datePublished": "2025-09-19T08:23:58.303Z", "dateUpdated": "2026-04-08T17:15:35.590Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:15:35.590Z"}, "affected": [{"vendor": "salzano", "product": "Embed PDF for WPForms", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.1.5", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Embed PDF for WPForms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_handler_download_pdf_media function in all versions up to, and including, 1.1.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible."}], "title": "Embed PDF for WPForms <= 1.1.5 - Authenticated (Subscriber+) Arbitrary File Upload", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/af67a544-daff-469f-a66b-e998b79b7845?source=cve"}, {"url": "https://wordpress.org/plugins/embed-pdf-wpforms/"}, {"url": "https://plugins.trac.wordpress.org/changeset/3364156/embed-pdf-wpforms/trunk/includes/class-wpforms-field-pdf-viewer.php"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type", "cweId": "CWE-434", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "Youcef Hamdani"}], "timeline": [{"time": "2025-09-18T01:56:55.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2025-09-18T19:35:54.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-09-19T11:46:32.047761Z", "id": "CVE-2025-10647", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-19T11:46:39.318Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-10647", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-09-19T11:46:32.047761Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-19T11:46:36.032Z"}}], "cna": {"title": "Embed PDF for WPForms <= 1.1.5 - Authenticated (Subscriber+) Arbitrary File Upload", "credits": [{"lang": "en", "type": "finder", "value": "Youcef Hamdani"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "salzano", "product": "Embed PDF for WPForms", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.1.5"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-09-18T01:56:55.000Z", "value": "Vendor Notified"}, {"lang": "en", "time": "2025-09-18T19:35:54.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/af67a544-daff-469f-a66b-e998b79b7845?source=cve"}, {"url": "https://wordpress.org/plugins/embed-pdf-wpforms/"}, {"url": "https://plugins.trac.wordpress.org/changeset/3364156/embed-pdf-wpforms/trunk/includes/class-wpforms-field-pdf-viewer.php"}], "descriptions": [{"lang": "en", "value": "The Embed PDF for WPForms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_handler_download_pdf_media function in all versions up to, and including, 1.1.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:15:35.590Z"}}}, "cveMetadata": {"cveId": "CVE-2025-10647", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:15:35.590Z", "dateReserved": "2025-09-17T18:04:48.301Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-09-19T08:23:58.303Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Embed PDF for WPForms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ajax_handler_download_pdf_media function in all versions up to, and including, 1.1.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible."}], "id": "CVE-2025-10647", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-09-19T09:15:33.477", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3364156/embed-pdf-wpforms/trunk/includes/class-wpforms-field-pdf-viewer.php"}, {"source": "security@wordfence.com", "url": "https://wordpress.org/plugins/embed-pdf-wpforms/"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/af67a544-daff-469f-a66b-e998b79b7845?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T19:02:40.293729+00:00", "value": {"mitigation_remediation": ["Upgrade the Embed PDF for WPForms plugin to the latest version (\u22651.1.6) that adds proper file type validation to the upload handler.", "If an immediate upgrade is not possible, restrict the upload functionality by disabling the ajax_handler_download_pdf_media endpoint or limiting allowed MIME types using WordPress security plugins or custom code; this serves as a temporary workaround to prevent arbitrary file uploads.", "Audit all Subscriber accounts to ensure that only those who legitimately need access for form creation retain the capability; downgrade or remove unnecessary roles to reduce the attack surface."], "summary": {"action": "Immediate Patch", "impact": "Arbitrary File Upload potentially enabling Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The affected product is the Embed PDF for WPForms plugin developed by salzano. All releases up to and including 1.1.5 of the plugin are vulnerable. The flaw is exploitable on WordPress installations that have the plugin installed and allow Subscriber accounts (or higher) to use the PDF upload feature.", "description_and_impact": "The vulnerability stems from the Embed PDF for WPForms plugin\u2019s ajax_handler_download_pdf_media function, which lacks file type validation. This omission allows an authenticated user with Subscriber-level access or higher to upload any file type. Once on the server, a malicious file could be executed, leading to remote code execution. The weakness is categorized as CWE\u2011434, which is a file upload flaw that permits execution of arbitrary code.", "risk_and_exploitability": "The CVSS score of 8.8 marks this issue as High severity. However, the EPSS score is reported as lower than 1%, indicating a low probability of exploitation in the wild. The flaw is not listed in the CISA KEV catalog. Because the attack requires legitimate Subscriber credentials and exploitation occurs via an AJAX endpoint, the risk is mitigated by the need for authenticated access but remains significant if such accounts exist on the site. Proper restriction or patching is advised to eliminate the threat."}}}}, "created": "2025-09-22T10:00:12.937209+00:00", "updated": "2026-04-21T19:15:26.026618+00:00", "vendors": ["salzano", "salzano$PRODUCT$embed_pdf_for_wpforms_plugin", "wordpress", "wordpress$PRODUCT$wordpress"]}