{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-6207", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-06-17T17:24:19.547Z", "datePublished": "2025-08-05T07:24:14.925Z", "dateUpdated": "2026-04-08T16:37:38.809Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:37:38.809Z"}, "affected": [{"vendor": "vjinfotech", "product": "WP Import Export Lite", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "3.9.28", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The WP Import Export Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpie_tempalte_import' function in all versions up to, and including, 3.9.28. This makes it possible for authenticated attackers, with Subscriber-level access and above, and permissions granted by an Administrator, to upload arbitrary files on the affected site's server which may make remote code execution possible."}], "title": "WP Import Export Lite <= 3.9.28 - Authenticated (Subscriber+) Arbitrary File Upload", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/188eef67-de66-49c2-aa6c-2cf3b886ff66?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/wp-import-export-lite/trunk/includes/classes/class-wpie-common-action.php#L386"}, {"url": "https://plugins.trac.wordpress.org/changeset/3323402/"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type", "cweId": "CWE-434", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.5, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "Vincent Fourcade"}, {"lang": "en", "type": "finder", "value": "Mathys"}, {"lang": "en", "type": "finder", "value": "J\u00e9r\u00f4me Gaudin"}], "timeline": [{"time": "2026-01-19T16:28:52.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2025-08-04T18:51:53.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-08-05T15:52:15.988492Z", "id": "CVE-2025-6207", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-05T15:52:50.063Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-6207", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-08-05T15:52:15.988492Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-05T15:52:31.308Z"}}], "cna": {"title": "WP Import Export Lite <= 3.9.28 - Authenticated (Subscriber+) Arbitrary File Upload", "credits": [{"lang": "en", "type": "finder", "value": "Vincent Fourcade"}, {"lang": "en", "type": "finder", "value": "Mathys"}, {"lang": "en", "type": "finder", "value": "J\u00e9r\u00f4me Gaudin"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 7.5, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "vjinfotech", "product": "WP Import Export Lite", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "3.9.28"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2026-01-19T16:28:52.000Z", "value": "Vendor Notified"}, {"lang": "en", "time": "2025-08-04T18:51:53.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/188eef67-de66-49c2-aa6c-2cf3b886ff66?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/wp-import-export-lite/trunk/includes/classes/class-wpie-common-action.php#L386"}, {"url": "https://plugins.trac.wordpress.org/changeset/3323402/"}], "descriptions": [{"lang": "en", "value": "The WP Import Export Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpie_tempalte_import' function in all versions up to, and including, 3.9.28. This makes it possible for authenticated attackers, with Subscriber-level access and above, and permissions granted by an Administrator, to upload arbitrary files on the affected site's server which may make remote code execution possible."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-434", "description": "CWE-434 Unrestricted Upload of File with Dangerous Type"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:37:38.809Z"}}}, "cveMetadata": {"cveId": "CVE-2025-6207", "state": "PUBLISHED", "dateUpdated": "2026-04-08T16:37:38.809Z", "dateReserved": "2025-06-17T17:24:19.547Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-08-05T07:24:14.925Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:vjinfotech:wp_import_export_lite:*:*:*:*:*:wordpress:*:*", "matchCriteriaId": "1B2B4A50-F078-45CE-9A24-783BD858461F", "versionEndExcluding": "3.9.29", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The WP Import Export Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpie_tempalte_import' function in all versions up to, and including, 3.9.28. This makes it possible for authenticated attackers, with Subscriber-level access and above, and permissions granted by an Administrator, to upload arbitrary files on the affected site's server which may make remote code execution possible."}, {"lang": "es", "value": "El complemento WP Import Export Lite para WordPress es vulnerable a la carga de archivos arbitrarios debido a la falta de validaci\u00f3n del tipo de archivo en la funci\u00f3n 'wpie_tempalte_import' en todas las versiones hasta la 3.9.28 incluida. Esto permite que atacantes autenticados, con acceso de suscriptor o superior, y permisos otorgados por un administrador, carguen archivos arbitrarios en el servidor del sitio afectado, lo que podr\u00eda posibilitar la ejecuci\u00f3n remota de c\u00f3digo."}], "id": "CVE-2025-6207", "lastModified": "2025-08-12T16:29:41.927", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 7.5, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 1.6, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Secondary"}, {"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.8, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "LOW", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.9, "source": "nvd@nist.gov", "type": "Primary"}]}, "published": "2025-08-05T08:15:26.800", "references": [{"source": "security@wordfence.com", "tags": ["Product"], "url": "https://plugins.trac.wordpress.org/browser/wp-import-export-lite/trunk/includes/classes/class-wpie-common-action.php#L386"}, {"source": "security@wordfence.com", "tags": ["Patch"], "url": "https://plugins.trac.wordpress.org/changeset/3323402/"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/188eef67-de66-49c2-aa6c-2cf3b886ff66?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-434"}], "source": "security@wordfence.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-22T14:32:10.067602+00:00", "value": {"mitigation_remediation": ["Upgrade the WP Import Export Lite plugin to the latest version where file type validation is enforced; the vendor recommends removing the vulnerable function and adding MIME type checks.", "If an update is not available immediately, restrict the upload directory by setting restrictive file permissions (e.g., 644) and disabling execution of files in that directory via .htaccess or web server configuration.", "Consider temporarily disabling the import/export feature for non-administrative users or implementing a whitelist of allowed file types to prevent indiscriminate uploads."], "summary": {"action": "Patch Now", "impact": "Remote Code Execution via Arbitrary File Upload"}, "threat_synthesis": {"affected_systems": "Any WordPress site running the WP Import Export Lite plugin version 3.9.28 or earlier is impacted. The plugin is distributed by vjinfotech and integrates into WordPress installations via the WordPress plugin framework. Only sites where users have Subscriber-level access or higher, and where administrators have granted upload permissions, are at risk.", "description_and_impact": "The vulnerability exists in the file upload handling of the plugin, specifically the 'wpie_tempalte_import' function. By omitting file type validation, an attacker who is logged in at the Subscriber level or higher can upload any file to the server. If the uploaded file is crafted to be executable\u2014such as a PHP script\u2014it can lead to remote code execution, granting the attacker full control over the site. The weakness involves improper restriction of file uploads, identified as CWE-434.", "risk_and_exploitability": "The CVSS score of 7.5 places this flaw in the high severity range, indicating significant potential damage. The EPSS score of less than 1% suggests a low but not negligible probability of exploitation at the time of assessment. The vulnerability is not currently listed in the CISA KEV catalog, which may reduce urgency but does not eliminate the risk. Attackers need legitimate authenticated credentials with sufficient access, but once those exist, the upload path can be used to place malicious files that may be executed if the server's file permissions or PHP settings allow it."}}}}, "created": "2025-08-05T21:23:02.442093+00:00", "updated": "2026-04-22T14:45:19.272680+00:00", "vendors": ["vjinfotech", "vjinfotech$PRODUCT$wp_import_export_lite", "wordpress", "wordpress$PRODUCT$wordpress"]}