Security Advisory

CVE-2025-12057

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-11-19 06:00:05

Last updated 2026-01-09 20:10:31

Assigner WPScan

State PUBLISHED

Description

The WavePlayer WordPress plugin before 3.8.0 does not have authorization in an AJAX action as well as does not validate the file to be copied locally, allowing unauthenticated users to upload arbitrary file on the server and lead to RCE

← Browse all CVEs View on cve.org ↗