How severe is CVE-2018-25335?

CVE-2018-25335 has a CVSS v3 score of 9.8 (CRITICAL).

CVE-2018-25335

9.8CRITICAL

Published: 5/17/2026Updated: 5/17/2026

Description

WordPress Plugin Peugeot Music 1.0 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to the upload.php endpoint. Attackers can upload files with arbitrary extensions by manipulating the 'name' parameter to execute code from the uploads directory.

AI AnalysisPowered by AI

References

https://www.exploit-db.com/exploits/44737
https://www.vulncheck.com/advisories/wordpress-plugin-peugeot-music-arbitrary-file-upload