The File Away plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check and missing file type validation in the upload() function in all versions up to, and including, 3.9.9.0.1. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
Metrics
Affected Vendors & Products
Fixes
Solution
No solution given by the vendor.
Workaround
No workaround given by the vendor.
References
History
Mon, 11 Aug 2025 15:00:00 +0000
Type | Values Removed | Values Added |
---|---|---|
First Time appeared |
File Away Project
File Away Project file Away |
|
CPEs | cpe:2.3:a:file_away_project:file_away:*:*:*:*:*:wordpress:*:* | |
Vendors & Products |
File Away Project
File Away Project file Away |
Wed, 19 Mar 2025 14:15:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Metrics |
ssvc
|
Wed, 19 Mar 2025 11:30:00 +0000
Type | Values Removed | Values Added |
---|---|---|
Description | The File Away plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check and missing file type validation in the upload() function in all versions up to, and including, 3.9.9.0.1. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. | |
Title | File Away <= 3.9.9.0.1 - Missing Authorization to Unauthenticated File Upload via upload Function | |
Weaknesses | CWE-434 | |
References |
| |
Metrics |
cvssV3_1
|

Status: PUBLISHED
Assigner: Wordfence
Published:
Updated: 2025-03-19T13:20:20.431Z
Reserved: 2025-03-18T23:04:49.949Z
Link: CVE-2025-2512

Updated: 2025-03-19T13:20:15.039Z

Status : Analyzed
Published: 2025-03-19T12:15:14.463
Modified: 2025-08-11T14:58:33.370
Link: CVE-2025-2512

No data.

No data.