CVE-2018-25335

CRITICAL NVD

CVSS Score 9.8

Severity CRITICAL

Published May 17, 2026

Vendor unknown

Description

WordPress Plugin Peugeot Music 1.0 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to the upload.php endpoint. Attackers can upload files with arbitrary extensions by manipulating the 'name' parameter to execute code from the uploads directory.

References

https://www.exploit-db.com/exploits/44737
https://www.vulncheck.com/advisories/wordpress-plugin-peugeot-music-arbitrary-file-upload