Security Advisory

CVE-2025-4954

CVE vulnerability detail — eXtreme Datacenter Security Operations

Published 2025-06-10 06:00:11

Last updated 2025-06-11 13:30:26

Assigner WPScan

State PUBLISHED

Description

The Axle Demo Importer WordPress plugin through 1.0.3 does not validate files to be uploaded, which could allow authenticated users (author and above) to upload arbitrary files such as PHP on the server

← Browse all CVEs View on cve.org ↗