{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-6085", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-06-13T22:50:49.868Z", "datePublished": "2025-09-04T09:22:24.861Z", "dateUpdated": "2026-04-08T17:20:50.394Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:20:50.394Z"}, "affected": [{"vendor": "integromat", "product": "Make Connector", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.5.10", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Make Connector plugin for WordPress is vulnerable to arbitrary file uploads due to misconfigured file type validation in the 'upload_media' function in all versions up to, and including, 1.5.10. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible."}], "title": "Make Connector <= 1.5.10 - Authenticated (Administrator+) Arbitrary File Upload", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c53c322a-b197-4ece-ae4a-a3a86a009e4d?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/integromat-connector/trunk/class/class-rest-request.php#L24"}, {"url": "https://plugins.trac.wordpress.org/browser/integromat-connector/trunk/class/class-rest-request.php#L74"}, {"url": "https://plugins.trac.wordpress.org/browser/integromat-connector/trunk/class/class-rest-request.php#L90-95"}, {"url": "https://github.com/d0n601/CVE-2025-6085"}, {"url": "https://ryankozak.com/posts/cve-2025-6085/"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3361722%40integromat-connector&new=3361722%40integromat-connector&sfp_email=&sfph_mail="}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type", "cweId": "CWE-434", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.2, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "Ryan Kozak"}], "timeline": [{"time": "2025-09-03T21:08:50.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"references": [{"url": "https://ryankozak.com/posts/cve-2025-6085/", "tags": ["exploit"]}, {"url": "https://github.com/d0n601/CVE-2025-6085", "tags": ["exploit"]}], "metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-09-04T15:04:21.469945Z", "id": "CVE-2025-6085", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-04T15:04:25.042Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-6085", "role": "CISA Coordinator", "options": [{"Exploitation": "poc"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-09-04T15:04:21.469945Z"}}}], "references": [{"url": "https://ryankozak.com/posts/cve-2025-6085/", "tags": ["exploit"]}, {"url": "https://github.com/d0n601/CVE-2025-6085", "tags": ["exploit"]}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-04T15:04:11.582Z"}}], "cna": {"title": "Make Connector <= 1.5.10 - Authenticated (Administrator+) Arbitrary File Upload", "credits": [{"lang": "en", "type": "finder", "value": "Ryan Kozak"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 7.2, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "integromat", "product": "Make Connector", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "1.5.10"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-09-03T21:08:50.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c53c322a-b197-4ece-ae4a-a3a86a009e4d?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/integromat-connector/trunk/class/class-rest-request.php#L24"}, {"url": "https://plugins.trac.wordpress.org/browser/integromat-connector/trunk/class/class-rest-request.php#L74"}, {"url": "https://plugins.trac.wordpress.org/browser/integromat-connector/trunk/class/class-rest-request.php#L90-95"}, {"url": "https://github.com/d0n601/CVE-2025-6085"}, {"url": "https://ryankozak.com/posts/cve-2025-6085/"}, {"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3361722%40integromat-connector&new=3361722%40integromat-connector&sfp_email=&sfph_mail="}], "descriptions": [{"lang": "en", "value": "The Make Connector plugin for WordPress is vulnerable to arbitrary file uploads due to misconfigured file type validation in the 'upload_media' function in all versions up to, and including, 1.5.10. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:20:50.394Z"}}}, "cveMetadata": {"cveId": "CVE-2025-6085", "state": "PUBLISHED", "dateUpdated": "2026-04-08T17:20:50.394Z", "dateReserved": "2025-06-13T22:50:49.868Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-09-04T09:22:24.861Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:celonis:make_connector:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "30B9C120-2AE1-4ECF-8BA2-B493E85C6ACD", "versionEndIncluding": "1.5.10", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Make Connector plugin for WordPress is vulnerable to arbitrary file uploads due to misconfigured file type validation in the 'upload_media' function in all versions up to, and including, 1.5.10. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible."}], "id": "CVE-2025-6085", "lastModified": "2026-04-08T19:24:26.337", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.2, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-09-04T10:42:33.787", "references": [{"source": "security@wordfence.com", "tags": ["Exploit"], "url": "https://github.com/d0n601/CVE-2025-6085"}, {"source": "security@wordfence.com", "tags": ["Product"], "url": "https://plugins.trac.wordpress.org/browser/integromat-connector/trunk/class/class-rest-request.php#L24"}, {"source": "security@wordfence.com", "tags": ["Product"], "url": "https://plugins.trac.wordpress.org/browser/integromat-connector/trunk/class/class-rest-request.php#L74"}, {"source": "security@wordfence.com", "tags": ["Product"], "url": "https://plugins.trac.wordpress.org/browser/integromat-connector/trunk/class/class-rest-request.php#L90-95"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3361722%40integromat-connector&new=3361722%40integromat-connector&sfp_email=&sfph_mail="}, {"source": "security@wordfence.com", "tags": ["Exploit"], "url": "https://ryankozak.com/posts/cve-2025-6085/"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/c53c322a-b197-4ece-ae4a-a3a86a009e4d?source=cve"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit"], "url": "https://github.com/d0n601/CVE-2025-6085"}, {"source": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "tags": ["Exploit"], "url": "https://ryankozak.com/posts/cve-2025-6085/"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Modified", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-20T21:54:54.981048+00:00", "value": {"mitigation_remediation": ["Upgrade the Make Connector plugin to a version newer than 1.5.10 where the file validation flaw has been fixed.", "If an immediate upgrade is not possible, configure WordPress or the server to disallow execution of uploaded files in the plugin's upload directory (for example, by adding an .htaccess rule that blocks PHP execution).", "Reduce the number of users with Administrator or equivalent rights and enforce least\u2011privilege policies to limit the pool of accounts that can trigger the flaw."], "summary": {"action": "Immediate Patch", "impact": "Remote Code Execution via arbitrary file upload"}, "threat_synthesis": {"affected_systems": "Any WordPress site running the Integromat Make Connector plugin version 1.5.10 or earlier is affected. Administrators or users with equivalent privileges on those installations can exploit the flaw.", "description_and_impact": "The Make Connector plugin for WordPress allows authenticated users with Administrator level or higher to upload arbitrary files because the plugin's file type validation in the upload_media function is misconfigured. This flaw can be leveraged to place malicious scripts on the site, potentially giving an attacker the ability to execute code on the web server. The vulnerability is identified as CWE-434, representing unsafe file uploads.", "risk_and_exploitability": "The CVSS score of 7.2 reflects a moderate to high risk, and the EPSS score of 1% indicates a low but non-zero probability of exploitation. Since the attack requires Administrator or higher credentials, the threat is limited to privileged users, but the ability to upload code gives attackers a powerful vector for remote code execution. The vulnerability is not currently listed in the CISA KEV catalog."}}}}, "created": "2025-09-04T13:12:06.706237+00:00", "updated": "2026-04-20T22:00:11.217914+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}