Description
The Aeropage Sync for Airtable plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'aeropage_media_downloader' function in all versions up to, and including, 3.2.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
Published: 2025-04-26
Score: 8.8 High
EPSS: 9.3% Low
KEV: No
Impact: n/a
Action: n/a
AI Analysis

Impact

The Aeropage Sync for Airtable plugin for WordPress lacks file type validation in the aeropage_media_downloader function, a flaw that corresponds to CWE-434 (Unrestricted Upload of File with Dangerous Type). Authenticated users with Subscriber-level access or higher can upload any file type to the server. Based on the description, it is inferred that an attacker can upload executable files, such as PHP scripts, and have the web server execute them, leading to remote code execution and compromising the confidentiality, integrity, and availability of the affected WordPress site.

Affected Systems

This flaw affects the Aeropage Sync for Airtable plugin (vendor: Aeropage) on WordPress installations running any version up to and including 3.2.0. All WordPress sites with the plugin installed at one of those versions are at risk; versions beyond 3.2.0 are not listed as vulnerable according to vendor data.

Risk and Exploitability

The CVSS score of 8.8 indicates a high-severity vulnerability, and the EPSS score of 9% shows a moderate probability of exploitation. The flaw is not yet listed in CISA's KEV catalog. Exploitation requires an authenticated Subscriber or higher WordPress account, and the attacker must use the plugin's media downloader endpoint to upload a malicious file. Once uploaded, the file can land in a location from which the web server will execute it, potentially enabling remote code execution. The absence of file type validation makes the attack path straightforward for anyone with the required permissions.

Generated by OpenCVE AI on June 18, 2026 at 07:06 UTC.

Remediation

No vendor fix or workaround currently provided.

OpenCVE Recommended Actions

  • Update the Aeropage Sync for Airtable plugin to the latest available version that addresses the missing file type validation.
  • If an update cannot be performed immediately, temporarily disable the aeropage_media_downloader endpoint or block execution of uploaded files by configuring the web server or WordPress to deny running scripts from the plugin’s upload directory (e.g., set wp-content/uploads/aeropage_uploads to deny all for PHP).
  • Restrict the plugin’s file upload capability to trusted personnel only and enforce strict file type restrictions; configure WordPress or a security plugin to allow only approved extensions such as jpg, png, and pdf.
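The two controls in the recommendations above (an enforced allowlist of file types and a web-server rule denying PHP execution in the upload directory) can be implemented as a small must-use plugin. The following is an added example written for this page; it is not code from the Aeropage plugin or from OpenCVE. The function names prefixed aero_hardening_ are hypothetical, the aeropage_uploads directory name is taken from the recommendation above and must be verified against the actual installation, and the .htaccess rule assumes Apache 2.4 with AllowOverride enabled.

```php
<?php
/**
 * Added hardening example; not code from the Aeropage plugin or from OpenCVE.
 * Shows (1) server-side file type validation of the kind the advisory says
 * aeropage_media_downloader lacks, and (2) a deny-PHP-execution rule for the
 * upload directory. Names prefixed aero_hardening_ are assumptions.
 */

// Allowlist of extension => MIME type. Anything not listed is rejected.
// Accepts and ignores the $mimes argument so it can also serve as a filter.
function aero_hardening_allowed_mimes( $mimes = array() ) {
    return array(
        'jpg|jpeg' => 'image/jpeg',
        'png'      => 'image/png',
        'pdf'      => 'application/pdf',
    );
}

/**
 * Validate a fetched file before it is moved into the uploads directory.
 *
 * @param string $tmp_path Path to the temporary file already on disk.
 * @param string $filename Filename suggested by the remote source (untrusted).
 * @return string|WP_Error Safe filename to store under, or an error.
 */
function aero_hardening_validate_file( $tmp_path, $filename ) {
    // Subscribers lack 'upload_files' by default; require it explicitly.
    if ( ! current_user_can( 'upload_files' ) ) {
        return new WP_Error( 'aero_forbidden', 'Insufficient capability.' );
    }

    // Drop any path components and unsafe characters from the name.
    $filename = sanitize_file_name( wp_basename( $filename ) );

    // wp_check_filetype_and_ext() sniffs the real content for images and
    // checks the extension against the allowlist rather than trusting the
    // client-supplied name or Content-Type header.
    $check = wp_check_filetype_and_ext( $tmp_path, $filename, aero_hardening_allowed_mimes() );
    if ( empty( $check['ext'] ) || empty( $check['type'] ) ) {
        return new WP_Error( 'aero_bad_type', 'File type is not allowed.' );
    }
    // WordPress may correct e.g. a PNG saved as .jpg; use the corrected name.
    if ( ! empty( $check['proper_filename'] ) ) {
        $filename = $check['proper_filename'];
    }
    // Reject names such as "image.php.jpg" that some server configs execute.
    if ( preg_match( '/\.(php\d?|phtml|phar|pht)\./i', $filename ) ) {
        return new WP_Error( 'aero_bad_type', 'Double extension rejected.' );
    }
    return $filename;
}

/**
 * Write an Apache .htaccess that denies serving/executing PHP files in $dir
 * (Apache 2.4 syntax, needs AllowOverride). On nginx, put an equivalent
 * "location" block in the server config instead; .htaccess is ignored there.
 */
function aero_hardening_deny_php_execution( $dir ) {
    $rules = "<FilesMatch \"\\.(php\\d?|phtml|phar|pht)$\">\n"
           . "    Require all denied\n"
           . "</FilesMatch>\n";
    return false !== file_put_contents( trailingslashit( $dir ) . '.htaccess', $rules );
}

// Site-wide: limit what WordPress accepts from any uploader to the allowlist.
add_filter( 'upload_mimes', 'aero_hardening_allowed_mimes' );

// Apply the deny rule to the plugin's upload directory. The directory name is
// assumed from the recommendation above; confirm the real path on your site.
$aero_upload = wp_upload_dir();
aero_hardening_deny_php_execution( $aero_upload['basedir'] . '/aeropage_uploads' );
```

Drop the file into wp-content/mu-plugins so it loads before regular plugins. The validation function is the shape of check the plugin's downloader should apply to every fetched file; the .htaccess rule is defence in depth so that even a file that slips past validation is served as a 403 rather than executed. The upload_mimes filter is deliberately strict; extend the allowlist only with types the site actually needs.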



Advisories

Source: EUVD
ID: EUVD-2025-12489
Title: The Aeropage Sync for Airtable plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'aeropage_media_downloader' function in all versions up to, and including, 3.2.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

History

Tue, 06 May 2025 16:45:00 +0000

Type                 Values Removed   Values Added
First Time appeared                   Aeropage
                                      Aeropage aeropage Sync For Airtable
CPEs                                  cpe:2.3:a:aeropage:aeropage_sync_for_airtable:*:*:*:*:*:wordpress:*:*
Vendors & Products                    Aeropage
                                      Aeropage aeropage Sync For Airtable

Mon, 28 Apr 2025 16:15:00 +0000

Type                 Values Removed   Values Added
Metrics                               ssvc
                                      {'options': {'Automatable': 'no', 'Exploitation': 'none', 'Technical Impact': 'total'}, 'version': '2.0.3'}


Sat, 26 Apr 2025 05:45:00 +0000

Type                 Values Removed   Values Added
Description                           The Aeropage Sync for Airtable plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'aeropage_media_downloader' function in all versions up to, and including, 3.2.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
Title                                 Aeropage Sync for Airtable <= 3.2.0 - Authenticated (Subscriber+) Arbitrary File Upload
Weaknesses                            CWE-434
References
Metrics                               cvssV3_1
                                      {'score': 8.8, 'vector': 'CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H'}


MITRE

Status: PUBLISHED

Assigner: Wordfence

Published:

Updated: 2026-04-08T17:13:12.020Z

Reserved: 2025-04-23T23:16:53.700Z

Link: CVE-2025-3914

Vulnrichment

Updated: 2025-04-28T13:39:51.875Z

NVD

Status: Analyzed

Published: 2025-04-26T06:15:16.563

Modified: 2026-06-17T09:20:55.220

Link: CVE-2025-3914

Redhat

No data.

OpenCVE Enrichment

Updated: 2026-06-18T07:15:17Z

Weaknesses
  • CWE-434: Unrestricted Upload of File with Dangerous Type