What is CVE-2025-5395?

CVE-2025-5395 is a high-severity vulnerability in Valvepress Wordpress Automatic Plugin, classified under Unrestricted Upload of File with Dangerous Type. CVSS score: 8.8/10. Published 2025-06-11.

How severe is CVE-2025-5395?

High severity. CVSS v3 base score is 8.8 out of 10.

Arbitrary file upload in Valvepress Wordpress Automatic Plugin

CVE-2025-5395

The WordPress Automatic Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'core.php' file in all versions up to, and including, 3.115.0. This makes it possible for authentic…

Vulnerability class: Unrestricted File Upload

EPSS: 0.014 (80.5th percentile) — read the EPSS interpretation.

CVSS v3 metric

CVSS v3 base score 8.8 (High). Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H.

Affected products

Valvepress Wordpress Automatic Plugin — versions 0

Weakness classification (CWE)

CWE-434 — Unrestricted Upload of File with Dangerous Type

References

Frequently asked questions

What is CVE-2025-5395?: CVE-2025-5395 is a high-severity vulnerability in Valvepress Wordpress Automatic Plugin, classified under Unrestricted Upload of File with Dangerous Type. CVSS score: 8.8/10. Published 2025-06-11.
How severe is CVE-2025-5395?: High severity. CVSS v3 base score is 8.8 out of 10.