Description
The Elastic Theme Editor plugin for WordPress is vulnerable to arbitrary file uploads due to a dynamic code generation feature in the process_theme function in all versions up to, and including, 0.0.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
Published: 2025-11-11
Score: 8.8 High
EPSS: < 1% Very Low
KEV: No
Impact: Remote Code Execution via Arbitrary File Upload
Action: Apply Patch
AI Analysis

Impact

The Elastic Theme Editor WordPress plugin enables authenticated users with Subscriber-level access or higher to upload arbitrary files because of a dynamic code generation flaw in the process_theme function. By uploading malicious scripts or code to the site’s filesystem, an attacker can achieve remote code execution.

Affected Systems

WordPress installations using Elastic Theme Editor version 0.0.3 or earlier are affected.

Risk and Exploitability

The CVSS score of 8.8 signals high severity, but the EPSS score of less than 1% indicates a currently low probability of exploitation. The vulnerability requires authentication, so restricting user roles reduces risk; however, once an attacker attains Subscriber privileges, uploading a PHP shell could compromise the entire site. The issue is not yet listed in the CISA KEV catalog.

Generated by OpenCVE AI on April 21, 2026 at 01:42 UTC.

Remediation

No vendor fix or workaround is currently provided.

OpenCVE Recommended Actions

  • Upgrade Elastic Theme Editor to the latest release (0.0.4 or later) as soon as it becomes available.
  • If upgrading is not possible, disable or remove the process_theme function and restrict the plugin to uploads of safe file types only.
  • Inspect the plugin directory for any unexpected files or code and delete any that appear malicious.
  • Restrict Subscriber or higher role assignments to trusted users and employ security plugins to monitor for anomalous upload activity.

Advisories

No advisories yet.

History

Wed, 12 Nov 2025 21:15:00 +0000

  Type: Metrics
  Values Removed: (none)
  Values Added: ssvc {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Wed, 12 Nov 2025 13:00:00 +0000

  Type: First Time appeared
  Values Removed: (none)
  Values Added: Wordpress; Wordpress wordpress

  Type: Vendors & Products
  Values Removed: (none)
  Values Added: Wordpress; Wordpress wordpress

Tue, 11 Nov 2025 03:45:00 +0000

  Type: Description
  Values Removed: (none)
  Values Added: The Elastic Theme Editor plugin for WordPress is vulnerable to arbitrary file uploads due to a dynamic code generation feature in the process_theme function in all versions up to, and including, 0.0.3. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

  Type: Title
  Values Removed: (none)
  Values Added: Elastic Theme Editor <= 0.0.3 - Authenticated (Subscriber+) Arbitrary File Upload

  Type: Weaknesses
  Values Removed: (none)
  Values Added: CWE-94

  Type: References
  Values Removed: (none)
  Values Added: (not shown)

  Type: Metrics
  Values Removed: (none)
  Values Added: cvssV3_1 {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-04-08T17:28:57.722Z

Reserved: 2025-11-03T16:32:46.720Z

Link: CVE-2025-12637

Vulnrichment

Updated: 2025-11-12T15:11:10.984Z

NVD

Status: Deferred

Published: 2025-11-11T04:15:47.893

Modified: 2026-04-15T00:35:42.020

Link: CVE-2025-12637

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-04-21T01:45:24Z

Weaknesses