What is CVE-2025-12968?

CVE-2025-12968 is a high-severity vulnerability in Infility Global, classified under Unrestricted Upload of File with Dangerous Type. CVSS score: 8.8/10. Published 2025-12-12.

How severe is CVE-2025-12968?

High severity. CVSS v3 base score is 8.8 out of 10.

Arbitrary file upload in Infility Global

CVE-2025-12968

The Infility Global plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and capability checks in all versions up to, and including, 2.14.42. This is due to the `upload_file` function in the `inf…

Vulnerability class: Unrestricted File Upload

EPSS: 0.002 (40.4th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Infility Global — versions 0

Weakness classification (CWE)

CWE-434 — Unrestricted Upload of File with Dangerous Type

References

www.wordfence.com/threat-intel/vulnerabilities/id/542a18f6-9d17-4e54-85e1-e0163…
wordpress.org/plugins/infility-global/
plugins.trac.wordpress.org/changeset

Frequently asked questions

What is CVE-2025-12968?: CVE-2025-12968 is a high-severity vulnerability in Infility Global, classified under Unrestricted Upload of File with Dangerous Type. CVSS score: 8.8/10. Published 2025-12-12.
How severe is CVE-2025-12968?: High severity. CVSS v3 base score is 8.8 out of 10.