{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-12181", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-10-24T19:06:49.890Z", "datePublished": "2025-12-05T05:31:24.852Z", "dateUpdated": "2026-04-08T16:55:23.744Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:55:23.744Z"}, "affected": [{"vendor": "contentstudio", "product": "ContentStudio", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.3.7", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The ContentStudio plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the cstu_update_post() function in all versions up to, and including, 1.3.7. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. CVE-2025-67910 is likely a duplicate of this."}], "title": "ContentStudio <= 1.3.7 - Authenticated (Author+) Arbitrary File Upload", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5b92b0a4-7ebf-43b3-837b-ad710e5e35ff?source=cve"}, {"url": "https://wordpress.org/plugins/contentstudio/"}, {"url": "https://plugins.trac.wordpress.org/changeset/3412182/"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type", "cweId": "CWE-434", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "Kenneth Dunn"}], "timeline": [{"time": "2025-12-04T17:24:52.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-12-05T14:26:29.278759Z", "id": "CVE-2025-12181", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-05T14:26:48.975Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-12181", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-12-05T14:26:29.278759Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-05T14:26:33.286Z"}}], "cna": {"title": "ContentStudio <= 1.3.7 - Authenticated (Author+) Arbitrary File Upload", "credits": [{"lang": "en", "type": "finder", "value": "Kenneth Dunn"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "contentstudio", "product": "ContentStudio", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.3.7"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-12-04T17:24:52.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5b92b0a4-7ebf-43b3-837b-ad710e5e35ff?source=cve"}, {"url": "https://wordpress.org/plugins/contentstudio/"}, {"url": "https://plugins.trac.wordpress.org/changeset/3412182/"}], "descriptions": [{"lang": "en", "value": "The ContentStudio plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the cstu_update_post() function in all versions up to, and including, 1.3.7. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. CVE-2025-67910 is likely a duplicate of this."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:55:23.744Z"}}}, "cveMetadata": {"cveId": "CVE-2025-12181", "state": "PUBLISHED", "dateUpdated": "2026-04-08T16:55:23.744Z", "dateReserved": "2025-10-24T19:06:49.890Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-12-05T05:31:24.852Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The ContentStudio plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the cstu_update_post() function in all versions up to, and including, 1.3.7. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. CVE-2025-67910 is likely a duplicate of this."}], "id": "CVE-2025-12181", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-12-05T06:16:06.403", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset/3412182/"}, {"source": "security@wordfence.com", "url": "https://wordpress.org/plugins/contentstudio/"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5b92b0a4-7ebf-43b3-837b-ad710e5e35ff?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-22T12:17:23.296990+00:00", "value": {"mitigation_remediation": ["Upgrade the ContentStudio plugin to the latest available version that is newer than 1.3.7, if a post\u20111.3.7 release exists. ", "If upgrade is not possible, restrict the plugin\u2019s upload capability to Administrators only and configure WordPress to allow only safe file types, blocking executable extensions and disabling execute permissions on the uploads directory. ", "Adjust role capabilities so that only users with the Administrator role can perform file uploads through the plugin, reducing the threat surface."], "summary": {"action": "Immediate Patch", "impact": "Remote File Upload leading to Remote Code Execution"}, "threat_synthesis": {"affected_systems": "WordPress sites that use the ContentStudio plugin version 1.3.7 or earlier. Any such installation is vulnerable to arbitrary file uploads when an author or higher level user has access to the plugin\u2019s update functionality.", "description_and_impact": "The ContentStudio plugin for WordPress contains a missing file type validation in the cstu_update_post() function in all versions up to and including 1.3.7. This flaw allows authenticated users with Author-level access or higher to upload any file to the site\u2019s server. If an attacker can upload a file that is executed by the web server, the compromise can become full remote code execution, giving the attacker control over the host. The weakness is a classic missing file type validation, classified as CWE\u2011434.", "risk_and_exploitability": "With a CVSS score of 8.8, the vulnerability is assessed as high severity. The EPSS score of < 1% indicates a low probability of exploitation at present, and the issue is not listed in the CISA KEV catalog. The attack vector requires an authenticated user with author or higher privileges, which could be achieved through credential compromise or social engineering. If an attacker succeeds in uploading a malicious file, the potential for remote code execution depends on the web server\u2019s configuration and filesystem permissions. The vulnerability is thought to be a duplicate of CVE\u20112025\u201167910."}}}}, "created": "2025-12-05T10:51:59.644151+00:00", "updated": "2026-04-22T12:30:16.827717+00:00", "vendors": ["contentstudio", "contentstudio$PRODUCT$contentstudio", "wordpress", "wordpress$PRODUCT$wordpress"]}