{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-14632", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-12-12T22:06:42.902Z", "datePublished": "2026-01-17T02:22:32.399Z", "dateUpdated": "2026-04-08T17:19:52.774Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:19:52.774Z"}, "affected": [{"vendor": "wpchill", "product": "Filr \u2013 Secure document library", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.2.11", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Filr \u2013 Secure document library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via unrestricted file upload in all versions up to, and including, 1.2.11 due to insufficient file type restrictions in the FILR_Uploader class. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload malicious HTML files containing JavaScript that will execute whenever a user accesses the uploaded file, granted they have permission to create or edit posts with the 'filr' post type."}], "title": "Filr \u2013 Secure document library <= 1.2.11 - Authenticated (Administrator+) Stored Cross-Site Scripting via HTML Upload", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c16c3a8d-bae1-4729-86c8-ec13481ff187?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/filr-protection/trunk/src/class-filr-uploader.php#L14"}, {"url": "https://plugins.trac.wordpress.org/browser/filr-protection/tags/1.2.10/src/class-filr-uploader.php#L14"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3425333%40filr-protection&new=3425333%40filr-protection&sfp_email=&sfph_mail="}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type", "cweId": "CWE-434", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N", "baseScore": 4.4, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Phap Nguyen Anh"}], "timeline": [{"time": "2025-12-12T22:24:02.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2026-01-16T14:11:18.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2026-01-20T18:41:32.835064Z", "id": "CVE-2025-14632", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-20T19:24:10.881Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-14632", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2026-01-20T18:41:32.835064Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2026-01-20T18:45:22.442Z"}}], "cna": {"title": "Filr \u2013 Secure document library <= 1.2.11 - Authenticated (Administrator+) Stored Cross-Site Scripting via HTML Upload", "credits": [{"lang": "en", "type": "finder", "value": "Phap Nguyen Anh"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.4, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N"}}], "affected": [{"vendor": "wpchill", "product": "Filr \u2013 Secure document library", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.2.11"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-12-12T22:24:02.000Z", "value": "Vendor Notified"}, {"lang": "en", "time": "2026-01-16T14:11:18.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c16c3a8d-bae1-4729-86c8-ec13481ff187?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/filr-protection/trunk/src/class-filr-uploader.php#L14"}, {"url": "https://plugins.trac.wordpress.org/browser/filr-protection/tags/1.2.10/src/class-filr-uploader.php#L14"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3425333%40filr-protection&new=3425333%40filr-protection&sfp_email=&sfph_mail="}], "descriptions": [{"lang": "en", "value": "The Filr \u2013 Secure document library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via unrestricted file upload in all versions up to, and including, 1.2.11 due to insufficient file type restrictions in the FILR_Uploader class. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload malicious HTML files containing JavaScript that will execute whenever a user accesses the uploaded file, granted they have permission to create or edit posts with the 'filr' post type."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:19:52.774Z"}}}, "cveMetadata": {"cveId": "CVE-2025-14632", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:19:52.774Z", "dateReserved": "2025-12-12T22:06:42.902Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2026-01-17T02:22:32.399Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Filr \u2013 Secure document library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via unrestricted file upload in all versions up to, and including, 1.2.11 due to insufficient file type restrictions in the FILR_Uploader class. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload malicious HTML files containing JavaScript that will execute whenever a user accesses the uploaded file, granted they have permission to create or edit posts with the 'filr' post type."}, {"lang": "es", "value": "El plugin Filr \u2013 Secure document library para WordPress es vulnerable a cross-site scripting almacenado a trav\u00e9s de la carga de archivos sin restricciones en todas las versiones hasta la 1.2.11, inclusive, debido a restricciones de tipo de archivo insuficientes en la clase FILR_Uploader. Esto permite a atacantes autenticados, con acceso de nivel de Administrador y superior, cargar archivos HTML maliciosos que contienen JavaScript que se ejecutar\u00e1 cada vez que un usuario acceda al archivo cargado, siempre que tengan permiso para crear o editar publicaciones con el tipo de publicaci\u00f3n 'filr'."}], "id": "CVE-2025-14632", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.4, "baseSeverity": "MEDIUM", "confidentialityImpact": "LOW", "integrityImpact": "LOW", "privilegesRequired": "HIGH", "scope": "CHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N", "version": "3.1"}, "exploitabilityScore": 1.3, "impactScore": 2.7, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2026-01-17T03:16:03.527", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/filr-protection/tags/1.2.10/src/class-filr-uploader.php#L14"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/filr-protection/trunk/src/class-filr-uploader.php#L14"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3425333%40filr-protection&new=3425333%40filr-protection&sfp_email=&sfph_mail="}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c16c3a8d-bae1-4729-86c8-ec13481ff187?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T00:23:17.264737+00:00", "value": {"mitigation_remediation": ["Upgrade Filr \u2013 Secure document library to the latest release (1.2.12 or newer) which includes proper file\u2011type validation.", "If an upgrade is not immediately possible, configure the web server or a security plugin to reject uploads with a .html (or .htm) extension or other non\u2011image file types for this plugin and remove the ability to edit the 'filr' post type via the uploader.", "Limit the number of users with Administrator or higher privileges, audit those accounts for compromise, and monitor for any unexpected use of the plugin\u2019s upload feature."], "summary": {"action": "Immediate Patch", "impact": "Stored Cross\u2011Site Scripting (XSS)"}, "threat_synthesis": {"affected_systems": "The vulnerability occurs in all releases of the Filr \u2013 Secure document library plugin up to and including version 1.2.11. The affected product is the WordPress plugin known as Filr \u2013 Secure document library, created by wpchill. No other vendor or product versions are listed as affected.", "description_and_impact": "The Filr \u2013 Secure document library plugin for WordPress allows an authenticated attacker with Administrator\u2011level or higher privileges to upload arbitrary files through its FILR_Uploader component. Because the upload path accepts any file type without proper validation, the plugin stores the uploaded content as is. An attacker can upload a malicious HTML file containing embedded JavaScript; when any user with permission to edit or create posts of the 'filr' post type accesses that file, the script executes within their browser context, potentially exfiltrating data or facilitating further attacks. This represents a stored XSS vulnerability (CWE\u2011434) that can compromise the confidentiality and integrity of the site\u2019s users.", "risk_and_exploitability": "The CVSS v3.1 score of 4.4 indicates a moderate severity. The EPSS score of less than 1\u202f% suggests that, at the time of assessment, the probability of exploitation is low, and the vulnerability is not listed in the CISA KEV catalog. However, because the flaw only requires legitimate administrator credentials, it is accessible to users who legitimately have such privileges. If such accounts are compromised or if the plugin\u2019s permission checks are inadequate, an attacker could deploy cross\u2011site scripting attacks on any user who interacts with the uploaded malicious file."}}}}, "created": "2026-01-19T09:19:27.901527+00:00", "updated": "2026-04-21T00:30:22.970269+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}