{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-14045", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-12-04T16:19:35.756Z", "datePublished": "2025-12-12T03:20:44.837Z", "dateUpdated": "2026-04-08T16:54:30.863Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:54:30.863Z"}, "affected": [{"vendor": "apprhyme", "product": "URL Media Uploader", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.0.1", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The URL Media Uploader plugin for WordPress is vulnerable to unauthorized safe file uploads due to a missing capability check on the url_media_uploader_url_upload_ajax_handler() function in all versions up to, and including, 1.0.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload safe media files."}], "title": "URL Media Uploader <= 1.0.1 - Missing Authorization to Authenticated (Contributor+) Safe File Upload", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/57f09da9-0d2c-45db-b3ed-19a7c9f5a001?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/url-media-uploader/trunk/url-media-uploader.php#L52"}, {"url": "https://gist.github.com/jasoncarle/925401bb11833b1ced2342390e20718e"}, {"url": "https://plugins.trac.wordpress.org/browser/url-media-uploader/tags/1.0.1/url-media-uploader.php#L52"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-862 Missing Authorization", "cweId": "CWE-862", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "baseScore": 4.3, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "jason carle"}], "timeline": [{"time": "2025-12-11T14:28:59.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"references": [{"url": "https://gist.github.com/jasoncarle/925401bb11833b1ced2342390e20718e", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-12-15T18:06:29.614890Z", "id": "CVE-2025-14045", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-15T18:15:51.629Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-14045", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-12-15T18:06:29.614890Z"}}}], "references": [{"url": "https://gist.github.com/jasoncarle/925401bb11833b1ced2342390e20718e", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-12-15T18:06:31.913Z"}}], "cna": {"title": "URL Media Uploader <= 1.0.1 - Missing Authorization to Authenticated (Contributor+) Safe File Upload", "credits": [{"lang": "en", "type": "finder", "value": "jason carle"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.3, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N"}}], "affected": [{"vendor": "apprhyme", "product": "URL Media Uploader", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "1.0.1"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-12-11T14:28:59.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/57f09da9-0d2c-45db-b3ed-19a7c9f5a001?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/url-media-uploader/trunk/url-media-uploader.php#L52"}, {"url": "https://gist.github.com/jasoncarle/925401bb11833b1ced2342390e20718e"}, {"url": "https://plugins.trac.wordpress.org/browser/url-media-uploader/tags/1.0.1/url-media-uploader.php#L52"}], "descriptions": [{"lang": "en", "value": "The URL Media Uploader plugin for WordPress is vulnerable to unauthorized safe file uploads due to a missing capability check on the url_media_uploader_url_upload_ajax_handler() function in all versions up to, and including, 1.0.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload safe media files."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-862", "description": "CWE-862 Missing Authorization"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2025-12-12T03:20:44.837Z"}}}, "cveMetadata": {"cveId": "CVE-2025-14045", "state": "PUBLISHED", "dateUpdated": "2025-12-15T18:15:51.629Z", "dateReserved": "2025-12-04T16:19:35.756Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-12-12T03:20:44.837Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The URL Media Uploader plugin for WordPress is vulnerable to unauthorized safe file uploads due to a missing capability check on the url_media_uploader_url_upload_ajax_handler() function in all versions up to, and including, 1.0.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload safe media files."}], "id": "CVE-2025-14045", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.3, "baseSeverity": "MEDIUM", "confidentialityImpact": "NONE", "integrityImpact": "LOW", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 1.4, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-12-12T04:15:46.557", "references": [{"source": "security@wordfence.com", "url": "https://gist.github.com/jasoncarle/925401bb11833b1ced2342390e20718e"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/url-media-uploader/tags/1.0.1/url-media-uploader.php#L52"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/url-media-uploader/trunk/url-media-uploader.php#L52"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/57f09da9-0d2c-45db-b3ed-19a7c9f5a001?source=cve"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "url": "https://gist.github.com/jasoncarle/925401bb11833b1ced2342390e20718e"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-862"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-22T00:16:40.431032+00:00", "value": {"mitigation_remediation": ["Update the URL Media Uploader plugin to a version that includes a proper capability check, such as 1.0.2 or newer.", "If an update is not possible, manually edit the plugin\u2019s upload handler to add a capability check using current_user_can( 'upload_files' ).", "Restrict Contributor and higher roles from uploading media by adjusting WordPress role capabilities or disabling the upload feature for those roles."], "summary": {"action": "Apply Patch", "impact": "Unauthorized Safe File Upload by Authenticated Contributors"}, "threat_synthesis": {"affected_systems": "WordPress installations that use the URL Media Uploader plugin by apprhyme. All releases up to and including version 1.0.1 are affected. Site administrators should confirm the plugin\u2019s presence and version to assess exposure.", "description_and_impact": "The URL Media Uploader plugin for WordPress permits attackers who are logged in with Contributor-level privileges or higher to upload arbitrary safe media files, because the url_media_uploader_url_upload_ajax_handler() function lacks a capability check. This missing authorization allows authenticated users to place files into the site\u2019s media library. The flaw is categorized as CWE\u2011862: Missing Authorization.", "risk_and_exploitability": "The CVSS score of 4.3 classifies the flaw as moderate severity. The EPSS score of less than 1% indicates a low probability of exploitation, and the vulnerability is not listed in CISA\u2019s KEV catalog. Nevertheless, the attack can be performed by any authenticated user with Contributor access, so the risk level is significant for sites that grant such roles. Patching or mitigating the missing capability check will render the upload endpoint unusable by contributors."}}}}, "created": "2025-12-12T08:48:17.201296+00:00", "updated": "2026-04-22T00:30:04.038859+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}