Description
The Aeropage Sync for Airtable plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'aeropage_media_downloader' function in all versions up to, and including, 3.2.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
Published: 2025-04-26
Score: 8.8 High
EPSS: 3.1% Low
KEV: No
Impact: Remote Code Execution
Action: Patch Immediately
AI Analysis

Impact

The Aeropage Sync for Airtable plugin for WordPress contains an arbitrary file upload flaw due to missing file type validation in the aeropage_media_downloader function. Authenticated users with Subscriber-level permissions or higher can upload any file type to the server. If the uploaded file is a PHP script or other executable content, it could enable an attacker to run arbitrary code on the server, compromising confidentiality, integrity, and availability.

Affected Systems

The vulnerability affects the Aeropage Sync for Airtable WordPress plugin from Aeropage. All releases up to including version 3.2.0 are impacted. Any WordPress site that has this plugin installed in those versions is at risk.

Risk and Exploitability

The CVSS score of 8.8 indicates a high severity vulnerability. The EPSS score of 3% shows a modest probability of exploitation in the wild, and the flaw is not currently listed in CISA's KEV catalog, suggesting no recorded large‑scale attacks yet. Exploitation requires a user authenticated as Subscriber or higher on the target WordPress installation. Once uploaded, an attacker may place a malicious file in a location from which it can be executed, possibly leading to remote code execution. The absence of validation makes the attack path straightforward when the attacker has legitimate credentials.

Generated by OpenCVE AI on April 20, 2026 at 23:05 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Apply the latest plugin update, which removes the vulnerability (version > 3.2.0).
  • If an immediate update is not possible, temporarily disable the aeropage_media_downloader endpoint or block execution of files uploaded via the plugin by configuring the web server or WordPress to deny *.php uploads in wp-content.
  • Enable strict file type restrictions in the plugin or by implementing a security plugin that permits only approved file extensions (e.g., jpg, png, pdf) for media uploads.
  • Monitor server logs for suspicious upload activity and restrict access to the uploader to trusted administrators if possible.

Generated by OpenCVE AI on April 20, 2026 at 23:05 UTC.

Tracking

Sign in to view the affected projects.

Advisories
Source ID Title
EUVD EUVD EUVD-2025-12489 The Aeropage Sync for Airtable plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'aeropage_media_downloader' function in all versions up to, and including, 3.2.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
History

Tue, 06 May 2025 16:45:00 +0000

Type Values Removed Values Added
First Time appeared Aeropage
Aeropage aeropage Sync For Airtable
CPEs cpe:2.3:a:aeropage:aeropage_sync_for_airtable:*:*:*:*:*:wordpress:*:*
Vendors & Products Aeropage
Aeropage aeropage Sync For Airtable

Mon, 28 Apr 2025 16:15:00 +0000

Type Values Removed Values Added
Metrics ssvc

{'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}

Sat, 26 Apr 2025 05:45:00 +0000

Type Values Removed Values Added
Description The Aeropage Sync for Airtable plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'aeropage_media_downloader' function in all versions up to, and including, 3.2.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
Title Aeropage Sync for Airtable <= 3.2.0 - Authenticated (Subscriber+) Arbitrary File Upload
Weaknesses CWE-434
References
Metrics cvssV3_1

{'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}

Subscriptions

Aeropage Aeropage Sync For Airtable
cve-icon MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-04-08T17:13:12.020Z

Reserved: 2025-04-23T23:16:53.700Z

Link: CVE-2025-3914

cve-icon Vulnrichment

Updated: 2025-04-28T13:39:51.875Z

cve-icon NVD

Status : Analyzed

Published: 2025-04-26T06:15:16.563

Modified: 2025-05-06T16:25:52.830

Link: CVE-2025-3914

cve-icon Redhat

No data.

cve-icon OpenCVE Enrichment

Updated: 2026-04-20T23:15:06Z

Weaknesses