CVE-2025-23942 - Vulnerability Details

- WordPress WP Load Gallery Plugin <= 2.1.6 - Arbitrary File Upload vulnerability

Description

Unrestricted Upload of File with Dangerous Type vulnerability in ngocuct0912 WP Load Gallery wp-load-gallery allows Upload a Web Shell to a Web Server.This issue affects WP Load Gallery: from n/a through <= 2.1.6.

Published: 2025-01-22

Score: 9.1 Critical

EPSS: 44.9% Moderate

KEV: No

Impact:

Action:

Analysis

Impact

The plugin allows an attacker to upload any file type, including executable web shells, without proper validation. This unrestricted upload capability can be leveraged to deploy malicious code on the web server, effectively granting the attacker remote code execution privileges. The flaw is categorized under CWE-434, indicating that the vulnerability arises from insufficient filtering of user-supplied file types.

Affected Systems

Any WordPress site using the ngocuct0912 WP Load Gallery plugin version 2.1.6 or earlier is affected. This includes all installations where the plugin is active, regardless of the WordPress core version, as the vulnerability resides solely in the plugin’s upload handling.

Risk and Exploitability

The score of 9.1 on the CVSS scale marks this as critical, and an EPSS of 45% suggests a high probability of exploitation. Although not listed in the CISA KEV catalog, the ease of uploading a web shell via a publicly accessible interface indicates that the likely attack vector is the plugin’s file upload form, which may be reachable by any authenticated user or possibly unauthenticated users depending on site configuration. An attacker could exploit this flaw to place a shell and then execute arbitrary commands on the server, creating full control over the compromised site.

Default status is the baseline for the product, each version can override it (e.g. patched versions marked unaffected).

Vendor Product Default status Versions

ngocuct0912

WP Load Gallery

unaffected

Version	Status	Constraints
`0`	affected	≤ 2.1.6

No data.

No data available yet.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

Update the WP Load Gallery plugin to a version newer than 2.1.6 once an official fix is released.
Configure WordPress or associate security plugins to enforce strict file type whitelisting, ensuring only allowed media types can be uploaded.
Disable or remove the upload feature entirely if the plugin is used solely for displaying images that can be uploaded through alternative, vetted methods.

Generated by OpenCVE AI on May 1, 2026 at 19:29 UTC.

Tracking

Sign in to view the affected projects.

Advisories

No advisories yet.

No CVSS v4.0

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

No CVSS v3.0

No CVSS v2

This CVE is not in the KEV list.

The EPSS score is 0.44946.

Exploitation none

Automatable no

Technical Impact partial

References

Link	Providers
https://patchstack.com/database/Wordpress/Plugin/wp-load-gallery/vulnerability/wordpress-wp-load-gallery-plugin-2-1-6-arbitrary-file-upload-vulnerability?_s_id=cve

History

Thu, 23 Apr 2026 15:00:00 +0000

Type	Values Removed	Values Added
Metrics		cvssV3_1 `{'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H'}`

Wed, 01 Apr 2026 23:45:00 +0000

Type	Values Removed	Values Added
Description	Unrestricted Upload of File with Dangerous Type vulnerability in NgocCode WP Load Gallery allows Upload a Web Shell to a Web Server. This issue affects WP Load Gallery: from n/a through 2.1.6.	Unrestricted Upload of File with Dangerous Type vulnerability in ngocuct0912 WP Load Gallery wp-load-gallery allows Upload a Web Shell to a Web Server.This issue affects WP Load Gallery: from n/a through <= 2.1.6.
References	https://patchstack.com/database/wordpress/plugin/wp-load-gallery/vulnerability/wordpress-wp-load-gallery-plugin-2-1-6-arbitrary-file-upload-vulnerability?_s_id=cve	https://patchstack.com/database/Wordpress/Plugin/wp-load-gallery/vulnerability/wordpress-wp-load-gallery-plugin-2-1-6-arbitrary-file-upload-vulnerability?_s_id=cve
Metrics	cvssV3_1 `{'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H'}`

Wed, 22 Jan 2025 20:15:00 +0000

Type	Values Removed	Values Added
Metrics		ssvc `{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'partial'}, 'version': '2.0.3'}`

Wed, 22 Jan 2025 14:45:00 +0000

Type	Values Removed	Values Added
Description		Unrestricted Upload of File with Dangerous Type vulnerability in NgocCode WP Load Gallery allows Upload a Web Shell to a Web Server. This issue affects WP Load Gallery: from n/a through 2.1.6.
Title		WordPress WP Load Gallery Plugin <= 2.1.6 - Arbitrary File Upload vulnerability
Weaknesses		CWE-434
References		https://patchstack.com/database/wordpress/plugin/wp-load-gallery/vulnerability/wordpress-wp-load-gallery-plugin-2-1-6-arbitrary-file-upload-vulnerability?_s_id=cve
Metrics		cvssV3_1 `{'score': 9.1, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H'}`

Subscriptions

No data.

MITRE

Status: PUBLISHED

Assigner: Patchstack

Published: 2025-01-22T14:29:24.172Z

Updated: 2026-05-11T23:07:20.414Z

Reserved: 2025-01-16T11:32:45.573Z

Link: CVE-2025-23942

Vulnrichment

Updated: 2025-01-22T19:33:24.620Z

NVD

Status : Deferred

Published: 2025-01-22T15:15:26.103

Modified: 2026-04-23T15:24:49.633

Link: CVE-2025-23942

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-05-01T19:30:23Z

Weaknesses

CWE-434

Impact

Affected Systems

Risk and Exploitability

Tracking

Attack Vector Network

Attack Complexity Low

Privileges Required High

Scope Changed

Confidentiality Impact High

Integrity Impact High

Availability Impact High

User Interaction None

Exploitation none

Automatable no

Technical Impact partial

Subscriptions

JSON object

JSON object

JSON object

JSON object

JSON object