{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-10749", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-09-19T20:14:48.909Z", "datePublished": "2025-10-24T08:24:04.556Z", "dateUpdated": "2026-04-08T17:29:00.416Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:29:00.416Z"}, "affected": [{"vendor": "10up", "product": "Microsoft Azure Storage for WordPress", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "4.5.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Microsoft Azure Storage for WordPress plugin for WordPress is vulnerable to Unauthorized Arbitrary Media Deletion in all versions up to, and including, 4.5.1. This is due to missing capability checks on the 'azure-storage-media-replace' AJAX action. This makes it possible for authenticated attackers with subscriber-level access and above to delete arbitrary media files from the WordPress Media Library via the replace_attachment parameter granted they can access the nonce which is exposed to all authenticated users."}], "title": "Microsoft Azure Storage for WordPress <= 4.5.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Media Deletion", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e1b80852-a221-4c2c-b76d-8bdcd1e0f1ad?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/windows-azure-storage/tags/4.5.1/includes/class-windows-azure-replace-media.php#L152"}, {"url": "https://plugins.trac.wordpress.org/browser/windows-azure-storage/tags/4.5.1/includes/class-windows-azure-replace-media.php#L346"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3386127%40windows-azure-storage&new=3386127%40windows-azure-storage&sfp_email=&sfph_mail="}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization", "cweId": "CWE-862", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "baseScore": 5.4, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Jonas Benjamin Friedli"}], "timeline": [{"time": "2025-10-23T20:09:38.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-10-24T12:10:41.168758Z", "id": "CVE-2025-10749", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-24T12:30:17.813Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-10749", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-10-24T12:10:41.168758Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-10-24T12:10:41.976Z"}}], "cna": {"title": "Microsoft Azure Storage for WordPress <= 4.5.1 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Media Deletion", "credits": [{"lang": "en", "type": "finder", "value": "Jonas Benjamin Friedli"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 5.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L"}}], "affected": [{"vendor": "10up", "product": "Microsoft Azure Storage for WordPress", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "4.5.1"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-10-23T20:09:38.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e1b80852-a221-4c2c-b76d-8bdcd1e0f1ad?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/windows-azure-storage/tags/4.5.1/includes/class-windows-azure-replace-media.php#L152"}, {"url": "https://plugins.trac.wordpress.org/browser/windows-azure-storage/tags/4.5.1/includes/class-windows-azure-replace-media.php#L346"}], "descriptions": [{"lang": "en", "value": "The Microsoft Azure Storage for WordPress plugin for WordPress is vulnerable to Unauthorized Arbitrary Media Deletion in all versions up to, and including, 4.5.1. This is due to missing capability checks on the 'azure-storage-media-replace' AJAX action. This makes it possible for authenticated attackers with subscriber-level access and above to delete arbitrary media files from the WordPress Media Library via the replace_attachment parameter granted they can access the nonce which is exposed to all authenticated users."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2025-10-24T08:24:04.556Z"}}}, "cveMetadata": {"cveId": "CVE-2025-10749", "state": "PUBLISHED", "dateUpdated": "2025-10-24T12:30:17.813Z", "dateReserved": "2025-09-19T20:14:48.909Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-10-24T08:24:04.556Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Microsoft Azure Storage for WordPress plugin for WordPress is vulnerable to Unauthorized Arbitrary Media Deletion in all versions up to, and including, 4.5.1. This is due to missing capability checks on the 'azure-storage-media-replace' AJAX action. This makes it possible for authenticated attackers with subscriber-level access and above to delete arbitrary media files from the WordPress Media Library via the replace_attachment parameter granted they can access the nonce which is exposed to all authenticated users."}], "id": "CVE-2025-10749", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "LOW", "baseScore": 5.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:L", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 2.5, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-10-24T09:15:41.670", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/windows-azure-storage/tags/4.5.1/includes/class-windows-azure-replace-media.php#L152"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/windows-azure-storage/tags/4.5.1/includes/class-windows-azure-replace-media.php#L346"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3386127%40windows-azure-storage&new=3386127%40windows-azure-storage&sfp_email=&sfph_mail="}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/e1b80852-a221-4c2c-b76d-8bdcd1e0f1ad?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-22T03:58:28.130380+00:00", "value": {"mitigation_remediation": ["Upgrade Microsoft Azure Storage for WordPress to the latest stable release, which adds proper capability checks to the replace_attachment endpoint.", "If an upgrade is not feasible, add a custom capability check in the plugin or theme functions.php to restrict the \"azure-storage-media-replace\" AJAX action to administrators only, for example by verifying current_user_can(\"manage_options\").", "After applying the fix, audit the Media Library for removed or missing files and restore any lost attachments from backup to recover deleted media."], "summary": {"action": "Patch Upgrade", "impact": "Arbitrary Media Deletion"}, "threat_synthesis": {"affected_systems": "WordPress sites running the Microsoft Azure Storage for WordPress plugin version 4.5.1 or earlier from the vendor 10up are affected. The vulnerability applies to all installations of this plugin version range and does not affect later releases. No additional version details are provided.", "description_and_impact": "The Microsoft Azure Storage for WordPress plugin contains a missing capability check on the 'azure-storage-media-replace' AJAX action, allowing an authenticated user with a subscriber role or greater to delete arbitrary media attachments by providing a replace_attachment parameter. This weakness is a CWE-862 Missing Authorization defect, enabling unauthorized deletion. The plugin's description explicitly states that users can delete media files from the WordPress Media Library. It is inferred that this deletion could lead to loss or tampering of media assets on the site.", "risk_and_exploitability": "The CVSS score of 5.4 indicates medium severity, requiring an authenticated session with at least subscriber-level privileges and access to the exposed nonce. The EPSS score is less than 1%, suggesting a low likelihood of exploitation. The vulnerability is not listed in the CISA KEV catalog. Based on the description, the attack vector is likely an authenticated user with a subscriber role or higher on the WordPress site. The risk is moderate, but unattended sites could suffer media loss or defacement."}}}}, "created": "2025-10-27T22:13:18.383116+00:00", "updated": "2026-04-22T04:00:08.023706+00:00", "vendors": ["10up", "10up$PRODUCT$microsoft_azure_storage_for_wordpress", "wordpress", "wordpress$PRODUCT$wordpress"]}