What is CVE-2018-25335?

CVE-2018-25335 is a critical-severity vulnerability in Peugeot-music-plugin Peugeot Music, classified under Missing Authentication for Critical Function. CVSS score: 9.8/10. Published 2026-05-17.

How severe is CVE-2018-25335?

Critical severity. CVSS v3 base score is 9.8 out of 10.

Auth bypass in Peugeot-music-plugin Peugeot Music

CVE-2018-25335

WordPress Plugin Peugeot Music 1.0 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to the upload.php endpoint. Attackers can upload files with arbitra…

Vulnerability class: Broken Authentication

EPSS: 0.001 (18.9th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 9.8 (Critical). Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H.

Affected products

Peugeot-music-plugin Peugeot Music — versions 1.0

Weakness classification (CWE)

CWE-306 — Missing Authentication for Critical Function

References

disclosure@vulncheck.com (exploit)
disclosure@vulncheck.com (third-party-advisory)

Frequently asked questions

What is CVE-2018-25335?: CVE-2018-25335 is a critical-severity vulnerability in Peugeot-music-plugin Peugeot Music, classified under Missing Authentication for Critical Function. CVSS score: 9.8/10. Published 2026-05-17.
How severe is CVE-2018-25335?: Critical severity. CVSS v3 base score is 9.8 out of 10.