{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-04-19T12:19:39.186","vulnerabilities":[{"cve":{"id":"CVE-2025-14632","sourceIdentifier":"security@wordfence.com","published":"2026-01-17T03:16:03.527","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The Filr – Secure document library plugin for WordPress is vulnerable to Stored Cross-Site Scripting via unrestricted file upload in all versions up to, and including, 1.2.11 due to insufficient file type restrictions in the FILR_Uploader class. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload malicious HTML files containing JavaScript that will execute whenever a user accesses the uploaded file, granted they have permission to create or edit posts with the 'filr' post type."},{"lang":"es","value":"El plugin Filr – Secure document library para WordPress es vulnerable a cross-site scripting almacenado a través de la carga de archivos sin restricciones en todas las versiones hasta la 1.2.11, inclusive, debido a restricciones de tipo de archivo insuficientes en la clase FILR_Uploader. Esto permite a atacantes autenticados, con acceso de nivel de Administrador y superior, cargar archivos HTML maliciosos que contienen JavaScript que se ejecutará cada vez que un usuario acceda al archivo cargado, siempre que tengan permiso para crear o editar publicaciones con el tipo de publicación 'filr'."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:H/PR:H/UI:N/S:C/C:L/I:L/A:N","baseScore":4.4,"baseSeverity":"MEDIUM","attackVector":"NETWORK","attackComplexity":"HIGH","privilegesRequired":"HIGH","userInteraction":"NONE","scope":"CHANGED","confidentialityImpact":"LOW","integrityImpact":"LOW","availabilityImpact":"NONE"},"exploitabilityScore":1.3,"impactScore":2.7}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-434"}]}],"references":[{"url":"https://plugins.trac.wordpress.org/browser/filr-protection/tags/1.2.10/src/class-filr-uploader.php#L14","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/browser/filr-protection/trunk/src/class-filr-uploader.php#L14","source":"security@wordfence.com"},{"url":"https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3425333%40filr-protection&new=3425333%40filr-protection&sfp_email=&sfph_mail=","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/c16c3a8d-bae1-4729-86c8-ec13481ff187?source=cve","source":"security@wordfence.com"}]}}]}