MeldSecurity
Press Enter to search
CVE Database & Search →
Sign In Get Started

CVE-2025-12352

🚨 CRITICAL

The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the copy_post_image() function in all versions up to, and including, 2.9.20. This...

Published
Nov 07, 2025
Last Modified
Nov 12, 2025
Views
55
Bookmarks
0

Description

Request Expert Review

The Gravity Forms plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the copy_post_image() function in all versions up to, and including, 2.9.20. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. This only impacts sites that have allow_url_fopen set to `On`, the post creation form enabled along with a file upload field for the post

CVSS Scores

CVSS 3.1 9.8
9.8
CRITICAL
CVSS 2.0 9.8

References

github.com github.com www.wordfence.com

Additional Information

Source
security@wordfence.com
State
Awaiting analysis

Related CVEs

CVE-2025-13970

HIGH

OpenPLC_V3 is vulnerable to a cross-site request forgery (CSRF) attack due to the absence of proper CSRF validation. This issue allows an unauthenti...

Score: 8.0

CVE-2025-14585

HIGH

A vulnerability was found in itsourcecode COVID Tracking System 1.0. Affected by this vulnerability is an unknown functionality of the file /admin/?pa...

Score: 7.3

CVE-2025-14584

HIGH

A vulnerability has been found in itsourcecode COVID Tracking System 1.0. Affected is an unknown function of the file /admin/login.php of the componen...

Score: 7.3

CVE-2025-14583

HIGH

A flaw has been found in campcodes Online Student Enrollment System 1.0. This impacts an unknown function of the file /admin/register.php. Executing m...

Score: 7.3

CVE-2025-14582

MEDIUM

A vulnerability was detected in campcodes Online Student Enrollment System 1.0. This affects an unknown function of the file /admin/index.php?page=use...

Score: 4.7

CVE-2025-67750

HIGH

Lightning Flow Scanner provides a A CLI plugin, VS Code Extension and GitHub Action for analysis and optimization of Salesforce Flows. Versions 6.10.5...

Score: 8.4

Share CVE-2025-12352

Share on Social Media

Copy Link

Embed Code

Request Expert Analysis

Request a professional security analysis for CVE-2025-12352 from our verified experts.

Credits System

Use your credits to get expert analysis from verified security professionals. Purchase more credits anytime!

Add 3 credits for accelerated delivery

Base Cost: 8 credits
Priority Upgrade: + credits
SLA Acceleration: +3 credits
Total Cost:
Your Balance:

Insufficient Credits

You need more credits to submit this request.

Buy Credits

Report Analysis