Vulnerability Details
Basic Information
| Title | CVE-2025-1093 AIHub <= 1.3.7 - Unauthenticated Arbitrary File Upload in generate_image |
|---|---|
| Type | cvelist |
| Published | 2025-04-19T03:21:23 |
| Last Seen | 2025-04-19T03:45:16 |
| CVSS Score | 9.8 (CRITICAL) |
CVSS v3 Details
| Attack Vector | NETWORK |
|---|---|
| Attack Complexity | LOW |
| Privileges Required | NONE |
| User Interaction | NONE |
| Scope | UNCHANGED |
| Confidentiality Impact | HIGH |
| Integrity Impact | HIGH |
| Availability Impact | HIGH |
CVE Information
| CVE IDs | CVE-2025-1093 |
|---|---|
| CWE | CWE-434 |
| Bulletin Family | cve |
Description
The AIHub theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the generate_image function in all versions up to, and including, 1.3.7. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site’s server which may make remote code execution possible.
Impact Assessment
| Base Score | 9.8 |
|---|---|
| Severity | CRITICAL |