{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-5831", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-06-06T19:39:29.622Z", "datePublished": "2025-07-25T06:43:54.605Z", "dateUpdated": "2026-04-08T17:27:57.185Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:27:57.185Z"}, "affected": [{"vendor": "Droip", "product": "Droip", "versions": [{"version": "0", "status": "affected", "lessThan": "2.5.2", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Droip plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the make_google_font_offline() function in all versions up to, and excluding, 2.5.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible."}], "title": "Droip < 2.5.2 - Authenticated (Subscriber+) Arbitrary File Upload", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/dd129829-9682-4def-a07f-66f9178eeb77?source=cve"}, {"url": "https://droip.com/"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type", "cweId": "CWE-434", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "Friderika Baranyai"}], "timeline": [{"time": "2025-07-24T17:25:53.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-25T11:42:42.342069Z", "id": "CVE-2025-5831", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-25T11:42:47.737Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-5831", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-07-25T11:42:42.342069Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-25T11:42:44.120Z"}}], "cna": {"title": "Droip < 2.5.2 - Authenticated (Subscriber+) Arbitrary File Upload", "credits": [{"lang": "en", "type": "finder", "value": "Friderika Baranyai"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 8.8, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "Droip", "product": "Droip", "versions": [{"status": "affected", "version": "0", "lessThan": "2.5.2", "versionType": "semver"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-07-24T17:25:53.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/dd129829-9682-4def-a07f-66f9178eeb77?source=cve"}, {"url": "https://droip.com/"}], "descriptions": [{"lang": "en", "value": "The Droip plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the make_google_font_offline() function in all versions up to, and excluding, 2.5.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:27:57.185Z"}}}, "cveMetadata": {"cveId": "CVE-2025-5831", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:27:57.185Z", "dateReserved": "2025-06-06T19:39:29.622Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-07-25T06:43:54.605Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:themeum:droip:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "309A8C64-FCCF-4FBC-936E-766DEBDA6B88", "versionEndIncluding": "2.2.0", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Droip plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the make_google_font_offline() function in all versions up to, and excluding, 2.5.2. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible."}, {"lang": "es", "value": "El complemento Droip para WordPress es vulnerable a la carga de archivos arbitrarios debido a la falta de validaci\u00f3n del tipo de archivo en la funci\u00f3n make_google_font_offline() en todas las versiones hasta la 2.2.0 incluida. Esto permite que atacantes autenticados, con acceso de suscriptor o superior, carguen archivos arbitrarios en el servidor del sitio afectado, lo que podr\u00eda posibilitar la ejecuci\u00f3n remota de c\u00f3digo."}], "id": "CVE-2025-5831", "lastModified": "2026-04-08T19:24:23.280", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-07-25T07:15:26.143", "references": [{"source": "security@wordfence.com", "tags": ["Product"], "url": "https://droip.com/"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/dd129829-9682-4def-a07f-66f9178eeb77?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-20T20:06:58.074232+00:00", "value": {"mitigation_remediation": ["Upgrade the Droip plugin to version 2.5.2 or later, ensuring the fixed file type validation is applied.", "If an upgrade is not immediately possible, disable file uploads for all roles except administrators, or apply a server\u2011side whitelist that rejects non\u2011image file types for the make_google_font_offline() endpoint.", "Implement additional monitoring to detect unexpected file creation in the uploads directory, and configure the web server to deny execution of uploaded files outside the designated images folder."], "summary": {"action": "Patch Immediately", "impact": "Remote Code Execution potential via arbitrary file upload"}, "threat_synthesis": {"affected_systems": "Affects the Droip plugin for WordPress, version 2.5.1 and earlier. The plugin is distributed via the WordPress ecosystem and is available from the official plugin repository and the Droip website. Any WordPress installation that has the Droip plugin at a version that is less than 2.5.2 is vulnerable, regardless of other security settings, because the vulnerability resides purely in the plugin's file upload routine.", "description_and_impact": "The Droip plugin for WordPress allows authenticated users with Subscriber-level access or higher to upload arbitrary files because the make_google_font_offline() function lacks proper file type validation. Uploaded files may then be executed on the server, enabling remote code execution. This vulnerability is classified as CWE-434, representing an unrestricted upload of a file with a dangerous type. The impact is that an attacker who has legitimate forum or blog ownership credentials can leverage the upload mechanism to place malicious code on the web server, compromising confidentiality, integrity, and availability of the site and potentially the underlying server.", "risk_and_exploitability": "The CVSS score of 8.8 marks this vulnerability as high severity. The EPSS score of < 1% indicates that, while the probability of an exploit in the wild is currently low, the existence of the flaw remains a significant risk. The vulnerability is not listed in the CISA KEV catalog, so no mandatory mitigations are in place, but the situation demands careful attention. An attacker must be authenticated as a Subscriber or higher user to exploit the flaw, which limits the attack surface to users with legitimate or compromised credentials on the target WordPress site."}}}}, "created": "2025-07-25T15:53:53.400394+00:00", "updated": "2026-04-20T20:15:06.220082+00:00", "vendors": ["themeum", "themeum$PRODUCT$droip", "wordpress", "wordpress$PRODUCT$wordpress"]}