{"resultsPerPage":1,"startIndex":0,"totalResults":1,"format":"NVD_CVE","version":"2.0","timestamp":"2026-05-12T18:50:49.310","vulnerabilities":[{"cve":{"id":"CVE-2025-5395","sourceIdentifier":"security@wordfence.com","published":"2025-06-11T07:15:24.800","lastModified":"2026-04-15T00:35:42.020","vulnStatus":"Deferred","cveTags":[],"descriptions":[{"lang":"en","value":"The WordPress Automatic Plugin plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient file type validation in the 'core.php' file in all versions up to, and including, 3.115.0. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible."},{"lang":"es","value":"El complemento WordPress Automatic Plugin de WordPress es vulnerable a la carga de archivos arbitrarios debido a una validación insuficiente del tipo de archivo en el archivo 'core.php' en todas las versiones hasta la 3.115.0 incluida. Esto permite que atacantes autenticados, con acceso de autor o superior, carguen archivos arbitrarios en el servidor del sitio afectado, lo que podría posibilitar la ejecución remota de código."}],"metrics":{"cvssMetricV31":[{"source":"security@wordfence.com","type":"Secondary","cvssData":{"version":"3.1","vectorString":"CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H","baseScore":8.8,"baseSeverity":"HIGH","attackVector":"NETWORK","attackComplexity":"LOW","privilegesRequired":"LOW","userInteraction":"NONE","scope":"UNCHANGED","confidentialityImpact":"HIGH","integrityImpact":"HIGH","availabilityImpact":"HIGH"},"exploitabilityScore":2.8,"impactScore":5.9}]},"weaknesses":[{"source":"security@wordfence.com","type":"Secondary","description":[{"lang":"en","value":"CWE-434"}]}],"references":[{"url":"https://codecanyon.net/item/wordpress-automatic-plugin/1904470#item-description__changelog","source":"security@wordfence.com"},{"url":"https://www.wordfence.com/threat-intel/vulnerabilities/id/57be67fd-8485-495f-b5e9-6eb52af945b7?source=cve","source":"security@wordfence.com"}]}}]}