{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-1093", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-02-06T19:54:04.137Z", "datePublished": "2025-04-19T03:21:23.357Z", "dateUpdated": "2026-04-08T16:34:31.588Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:34:31.588Z"}, "affected": [{"vendor": "LiquidThemes", "product": "AI Hub - Startup & Technology WordPress Theme", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.3.7", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The AIHub theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the generate_image function in all versions up to, and including, 1.3.7. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible."}], "title": "AIHub <= 1.3.7 - Unauthenticated Arbitrary File Upload in generate_image", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/09adfe7e-f154-4143-827f-957ded3ffc8f?source=cve"}, {"url": "https://themeforest.net/item/ai-hub-startup-technology-wordpress-theme/47473638"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type", "cweId": "CWE-434", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 9.8, "baseSeverity": "CRITICAL"}}], "credits": [{"lang": "en", "type": "finder", "value": "Friderika Baranyai"}], "timeline": [{"time": "2025-04-18T14:37:49.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-21T02:43:17.853469Z", "id": "CVE-2025-1093", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-21T02:43:50.427Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-1093", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "yes"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-04-21T02:43:17.853469Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-21T02:43:43.691Z"}}], "cna": {"title": "AIHub <= 1.3.7 - Unauthenticated Arbitrary File Upload in generate_image", "credits": [{"lang": "en", "type": "finder", "value": "Friderika Baranyai"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 9.8, "baseSeverity": "CRITICAL", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "LiquidThemes", "product": "AI Hub - Startup & Technology WordPress Theme", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.3.7"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-04-18T14:37:49.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/09adfe7e-f154-4143-827f-957ded3ffc8f?source=cve"}, {"url": "https://themeforest.net/item/ai-hub-startup-technology-wordpress-theme/47473638"}], "descriptions": [{"lang": "en", "value": "The AIHub theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the generate_image function in all versions up to, and including, 1.3.7. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:34:31.588Z"}}}, "cveMetadata": {"cveId": "CVE-2025-1093", "state": "PUBLISHED", "dateUpdated": "2026-04-08T16:34:31.588Z", "dateReserved": "2025-02-06T19:54:04.137Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-04-19T03:21:23.357Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The AIHub theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the generate_image function in all versions up to, and including, 1.3.7. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible."}, {"lang": "es", "value": "El tema AIHub para WordPress es vulnerable a la carga de archivos arbitrarios debido a la falta de validaci\u00f3n del tipo de archivo en la funci\u00f3n generate_image en todas las versiones hasta la 1.3.7 incluida. Esto permite que atacantes no autenticados carguen archivos arbitrarios en el servidor del sitio afectado, lo que podr\u00eda posibilitar la ejecuci\u00f3n remota de c\u00f3digo."}], "id": "CVE-2025-1093", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 9.8, "baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 3.9, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-04-19T04:15:21.733", "references": [{"source": "security@wordfence.com", "url": "https://themeforest.net/item/ai-hub-startup-technology-wordpress-theme/47473638"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/09adfe7e-f154-4143-827f-957ded3ffc8f?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-22T17:31:00.697377+00:00", "value": {"mitigation_remediation": ["Upgrade the LiquidThemes AI Hub Theme to a version newer than 1.3.7.", "If an update is not immediately available, restrict write permissions on the uploads directory so that only trusted roles can add files.", "Disable or protect the generate_image endpoint\u2014e.g., via a .htaccess rule or by removing the feature through theme or plugin settings."], "summary": {"action": "Immediate Patch", "impact": "Remote File Upload with Potential Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the LiquidThemes AI Hub WordPress theme, versions up to and including 1.3.7. Site owners running these versions are at risk if the generate_image endpoint remains publicly accessible.", "description_and_impact": "The AI Hub WordPress theme contains a flaw in the generate_image function where user supplied files are not validated for type. This omission allows an attacker to upload arbitrary files, which could include malicious scripts, to the server. If the uploaded file is later executed, remote code execution becomes feasible.", "risk_and_exploitability": "The CVSS score of 9.8 denotes a high severity. With an EPSS score of 2%, exploitation is considered likely in the current threat landscape, and the vulnerability is not yet listed in CISA KEV. Attackers can reach the vulnerable endpoint without authentication, upload a crafted file, and then trigger execution through the server\u2019s PHP interpreter or by placing the payload in a web\u2011executable directory."}}}}, "created": "2026-04-22T17:45:22.917388+00:00", "updated": "2026-04-22T17:45:22.917420+00:00", "vendors": []}