WP移行専用プラグイン for CPI

9.8 / 10

CRITICAL

CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

Description

The WP移行専用プラグイン for CPI plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the Cpiwm_Import_Controller::import function in all versions up to, and including, 1.0.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.

AI Analysis

Arbitrary file upload vulnerability due to missing file type validation

Basic Information

ID CVE-2025-11170

Source Wordfence

Published Nov 11, 2025 at 03:30

Affected Product

Vendor kddiwebcommunications

Product WP移行専用プラグイン for CPI

Version *

Affected Versions kddiwebcommunications WP移行専用プラグイン for CPI *

CWE Classification

CWE-434

AI Assessment

AI Score 9.8 / 10

AI Severity Critical

Vendor kddiwebcommunications

Product WP移行専用プラグイン for CPI

Version 1.0.2

References

{
    "lastseen": "",
    "description": "The WP\u79fb\u884c\u5c02\u7528\u30d7\u30e9\u30b0\u30a4\u30f3 for CPI plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the Cpiwm_Import_Controller::import function in all versions up to, and including, 1.0.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.",
    "published": "2025-11-11T03:30:44.250Z",
    "modified": "2025-11-11T03:30:44.250Z",
    "type": "cve",
    "title": "WP\u79fb\u884c\u5c02\u7528\u30d7\u30e9\u30b0\u30a4\u30f3 for CPI <= 1.0.2 - Unauthenticated Arbitrary File Upload",
    "source": "Wordfence",
    "references": "https://www.wordfence.com/threat-intel/vulnerabilities/id/8a96d6d5-a5e3-4648-902b-f9d1f8e57e5c?source=cve\nhttps://wordpress.org/plugins/cpi-wp-migration/",
    "id": "CVE-2025-11170",
    "bulletinFamily": "",
    "cwe": [
        "CWE-434"
    ],
    "cvelist": null,
    "sourceData": "kddiwebcommunications WP\u79fb\u884c\u5c02\u7528\u30d7\u30e9\u30b0\u30a4\u30f3 for CPI *",
    "sourceHref": "",
    "cvss": {
        "score": 9.8,
        "severity": "CRITICAL",
        "vector": "CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",
        "version": "3.1"
    },
    "cvss2": [],
    "cvss3": {
        "version": "",
        "vectorString": "",
        "baseScore": 0,
        "baseSeverity": "",
        "attackVector": "",
        "attackComplexity": "",
        "privilegesRequired": "",
        "userInteraction": "",
        "scope": "",
        "confidentialityImpact": "",
        "integrityImpact": "",
        "availabilityImpact": "",
        "cvssV3": {
            "version": "",
            "vectorString": "",
            "baseScore": 0,
            "baseSeverity": "",
            "attackVector": "",
            "attackComplexity": "",
            "privilegesRequired": "",
            "userInteraction": "",
            "scope": "",
            "confidentialityImpact": "",
            "integrityImpact": "",
            "availabilityImpact": ""
        }
    },
    "href": "",
    "category_name": "CVE",
    "post_link": "",
    "product": "WP\u79fb\u884c\u5c02\u7528\u30d7\u30e9\u30b0\u30a4\u30f3 for CPI",
    "version": "*",
    "vendor": "kddiwebcommunications",
    "ai_description": "Arbitrary file upload vulnerability due to missing file type validation",
    "ai_severity": "Critical",
    "ai_vendor": "kddiwebcommunications",
    "ai_product": "WP\u79fb\u884c\u5c02\u7528\u30d7\u30e9\u30b0\u30a4\u30f3 for CPI",
    "ai_version": "1.0.2",
    "ai_score": 9.8
}

WP移行専用プラグイン for CPI <= 1.0.2 - Unauthenticated Arbitrary File Upload_CVE-2025-11170