{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-3914", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-04-23T23:16:53.700Z", "datePublished": "2025-04-26T05:34:24.102Z", "dateUpdated": "2026-04-08T17:13:12.020Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:13:12.020Z"}, "affected": [{"vendor": "aeropage", "product": "Aeropage Sync for Airtable", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "3.2.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Aeropage Sync for Airtable plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'aeropage_media_downloader' function in all versions up to, and including, 3.2.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible."}], "title": "Aeropage Sync for Airtable <= 3.2.0 - Authenticated (Subscriber+) Arbitrary File Upload", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a501c2d6-cdcc-4003-99df-245f5253e20f?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/aeropage-sync-for-airtable/trunk/aeropage.php#L1214"}, {"url": "https://plugins.trac.wordpress.org/browser/aeropage-sync-for-airtable/trunk/aeropage.php#L1215"}, {"url": "https://plugins.trac.wordpress.org/browser/aeropage-sync-for-airtable/trunk/aeropage.php#L1250"}, {"url": "https://plugins.trac.wordpress.org/changeset/3281904/"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type", "cweId": "CWE-434", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "Cheng Liu"}], "timeline": [{"time": "2025-04-25T00:00:00.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-04-28T13:38:29.511522Z", "id": "CVE-2025-3914", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-28T15:34:48.483Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-3914", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-04-28T13:38:29.511522Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-04-28T13:39:51.875Z"}}], "cna": {"title": "Aeropage Sync for Airtable <= 3.2.0 - Authenticated (Subscriber+) Arbitrary File Upload", "credits": [{"lang": "en", "type": "finder", "value": "Cheng Liu"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "aeropage", "product": "Aeropage Sync for Airtable", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "3.2.0"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-04-25T00:00:00.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a501c2d6-cdcc-4003-99df-245f5253e20f?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/aeropage-sync-for-airtable/trunk/aeropage.php#L1214"}, {"url": "https://plugins.trac.wordpress.org/browser/aeropage-sync-for-airtable/trunk/aeropage.php#L1215"}, {"url": "https://plugins.trac.wordpress.org/browser/aeropage-sync-for-airtable/trunk/aeropage.php#L1250"}, {"url": "https://plugins.trac.wordpress.org/changeset/3281904/"}], "descriptions": [{"lang": "en", "value": "The Aeropage Sync for Airtable plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'aeropage_media_downloader' function in all versions up to, and including, 3.2.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2025-04-26T05:34:24.102Z"}}}, "cveMetadata": {"cveId": "CVE-2025-3914", "state": "PUBLISHED", "dateUpdated": "2025-04-28T15:34:48.483Z", "dateReserved": "2025-04-23T23:16:53.700Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-04-26T05:34:24.102Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:aeropage:aeropage_sync_for_airtable:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "6DCF5084-8DF9-4B35-B937-3DCA65B3708D", "versionEndExcluding": "3.3.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Aeropage Sync for Airtable plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'aeropage_media_downloader' function in all versions up to, and including, 3.2.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible."}, {"lang": "es", "value": "El complemento Aeropage Sync para Airtable de WordPress es vulnerable a la carga de archivos arbitrarios debido a la falta de validaci\u00f3n del tipo de archivo en la funci\u00f3n 'aeropage_media_downloader' en todas las versiones hasta la 3.2.0 incluida. Esto permite que atacantes autenticados, con acceso de suscriptor o superior, carguen archivos arbitrarios en el servidor del sitio afectado, lo que podr\u00eda posibilitar la ejecuci\u00f3n remota de c\u00f3digo."}], "id": "CVE-2025-3914", "lastModified": "2025-05-06T16:25:52.830", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-04-26T06:15:16.563", "references": [{"source": "security@wordfence.com", "tags": ["Product"], "url": "https://plugins.trac.wordpress.org/browser/aeropage-sync-for-airtable/trunk/aeropage.php#L1214"}, {"source": "security@wordfence.com", "tags": ["Product"], "url": "https://plugins.trac.wordpress.org/browser/aeropage-sync-for-airtable/trunk/aeropage.php#L1215"}, {"source": "security@wordfence.com", "tags": ["Product"], "url": "https://plugins.trac.wordpress.org/browser/aeropage-sync-for-airtable/trunk/aeropage.php#L1250"}, {"source": "security@wordfence.com", "tags": ["Patch"], "url": "https://plugins.trac.wordpress.org/changeset/3281904/"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/a501c2d6-cdcc-4003-99df-245f5253e20f?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "security@wordfence.com", "type": "Primary"}, {"description": [{"lang": "en", "value": "CWE-434"}], "source": "nvd@nist.gov", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-20T23:05:59.659823+00:00", "value": {"mitigation_remediation": ["Apply the latest plugin update, which removes the vulnerability (version > 3.2.0).", "If an immediate update is not possible, temporarily disable the aeropage_media_downloader endpoint or block execution of files uploaded via the plugin by configuring the web server or WordPress to deny *.php uploads in wp-content.", "Enable strict file type restrictions in the plugin or by implementing a security plugin that permits only approved file extensions (e.g., jpg, png, pdf) for media uploads.", "Monitor server logs for suspicious upload activity and restrict access to the uploader to trusted administrators if possible."], "summary": {"action": "Patch Immediately", "impact": "Remote Code Execution"}, "threat_synthesis": {"affected_systems": "The vulnerability affects the Aeropage Sync for Airtable WordPress plugin from Aeropage. All releases up to including version 3.2.0 are impacted. Any WordPress site that has this plugin installed in those versions is at risk.", "description_and_impact": "The Aeropage Sync for Airtable plugin for WordPress contains an arbitrary file upload flaw due to missing file type validation in the aeropage_media_downloader function. Authenticated users with Subscriber-level permissions or higher can upload any file type to the server. If the uploaded file is a PHP script or other executable content, it could enable an attacker to run arbitrary code on the server, compromising confidentiality, integrity, and availability.", "risk_and_exploitability": "The CVSS score of 8.8 indicates a high severity vulnerability. The EPSS score of 3% shows a modest probability of exploitation in the wild, and the flaw is not currently listed in CISA's KEV catalog, suggesting no recorded large\u2011scale attacks yet. Exploitation requires a user authenticated as Subscriber or higher on the target WordPress installation. Once uploaded, an attacker may place a malicious file in a location from which it can be executed, possibly leading to remote code execution. The absence of validation makes the attack path straightforward when the attacker has legitimate credentials."}}}}, "created": "2026-04-20T23:15:06.303447+00:00", "updated": "2026-04-20T23:15:06.303458+00:00", "vendors": []}