7.5
CVE-2025-6206
- EPSS 0.28%
- Veröffentlicht 24.06.2025 08:23:55
- Zuletzt bearbeitet 13.08.2025 13:39:01
- Quelle security@wordfence.com
- CVE-Watchlists
- Unerledigt
Aiomatic - AI Content Writer, Editor, ChatBot & AI Toolkit <= 2.5.0 - Authenticated (Subscriber+) Arbitrary File Upload
The Aiomatic - Automatic AI Content Writer & Editor, GPT-3 & GPT-4, ChatGPT ChatBot & AI Toolkit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'aiomatic_image_editor_ajax_submit' function in all versions up to, and including, 2.5.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. In order to exploit the vulnerability, there must be a value entered for the Stability.AI API key. The value can be arbitrary.
Mögliche Gegenmaßnahme
Aiomatic - Automatic AI Content Writer & Editor, GPT-3 & GPT-4, ChatGPT ChatBot & AI Toolkit: Update to version 2.5.1, or a newer patched version
Verknüpft mit AI von unstrukturierten Daten zu bestehenden CPE der NVD
Diese Information steht angemeldeten Benutzern zur Verfügung. 
Login
LoginWeitere Schwachstelleninformationen
SystemWordPress Plugin
≫
Produkt
Aiomatic - Automatic AI Content Writer & Editor, GPT-3 & GPT-4, ChatGPT ChatBot & AI Toolkit
Version
*-2.5.0
Daten sind bereitgestellt durch National Vulnerability Database (NVD)
Coderevolution ≫ Aiomatic SwPlatformwordpress Version < 2.5.1
| Typ | Quelle | Score | Percentile |
|---|---|---|---|
| EPSS | FIRST.org | 0.28% | 0.507 |
| Quelle | Base Score | Exploit Score | Impact Score | Vector String |
|---|---|---|---|---|
| security@wordfence.com | 7.5 | 1.6 | 5.9 |
CVSS:3.1/AV:N/AC:H/PR:L/UI:N/S:U/C:H/I:H/A:H
|
CWE-434 Unrestricted Upload of File with Dangerous Type
The product allows the upload or transfer of dangerous file types that are automatically processed within its environment.