Cyber Resilience

CVE-2025-11724

Severity: High
Published: 04 November 2025
Modified: 15 April 2026
KEV Added: not listed
CVSS Score v3.1: 8.8 (CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0043 (62.7th percentile)
Risk Priority: 18 (60% EPSS · 20% KEV · 20% CVSS)

Summary

CVE-2025-11724 is a high-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in WordPress (affected product inferred from references). Its CVSS base score is 8.8 (High).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE is ranked in the top 37.3% of CVEs by exploit likelihood (EPSS), and it is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).

Deeper analysis

CVE-2025-11724 is an arbitrary file upload vulnerability in the EM Beer Manager plugin for WordPress, affecting all versions up to and including 3.2.3. The issue stems from missing file type validation in the EMBM_Admin_Untappd_Import_image() function and insufficient authorization checks on the wp_ajax_embm-untappd-import AJAX action. This flaw, classified under CWE-434 (Unrestricted Upload of File with Dangerous Type), carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for remote code execution.

Authenticated attackers with subscriber-level permissions or higher can exploit this vulnerability to upload arbitrary files, including malicious PHP shells, onto the server. Exploitation requires the attacker to provide a mock HTTP server that responds with specific JSON data to mimic the Untappd integration process, bypassing normal validation. Successful exploitation grants remote code execution on the web server, potentially allowing full compromise of the WordPress site.

References include source code locations in the plugin's admin actions and Untappd integration files (lines 393, 867, 899, and 912), as well as a Wordfence threat intelligence advisory detailing the vulnerability. Practitioners should review these for precise remediation steps, such as updating to a patched version if available or disabling the plugin.


Vulnerability details

The EM Beer Manager plugin for WordPress is vulnerable to arbitrary file upload leading to remote code execution in all versions up to, and including, 3.2.3. This is due to missing file type validation in the EMBM_Admin_Untappd_Import_image() function and missing authorization checks on the wp_ajax_embm-untappd-import action. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files including PHP files and execute code on the server granted they can provide a mock HTTP server that responds with specific JSON data.


Related Threats

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1505.003 Web Shell (Persistence): Adversaries may backdoor web servers with web shells to establish persistent access to systems.
Why these techniques?

The arbitrary file upload in the WordPress plugin lets an attacker exploit the public-facing application (T1190) to upload and execute malicious PHP files as web shells (T1505.003), leading to RCE.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-46384 (shared CWE-434)
CVE-2025-13516 (shared CWE-434)
CVE-2024-13011 (shared CWE-434)
CVE-2025-8323 (shared CWE-434)
CVE-2025-21624 (shared CWE-434)
CVE-2026-35164 (shared CWE-434)
CVE-2026-2097 (shared CWE-434)
CVE-2025-12154 (shared CWE-434)
CVE-2026-42748 (shared CWE-434)
CVE-2025-32957 (shared CWE-434)

Affected Assets

WordPress (inferred from references and description; NVD did not file a CPE for this CVE)

Mitigating Controls (NIST 800-53 r5)

prevent: Directly remediates the arbitrary file upload flaw by requiring timely patching of the vulnerable EM Beer Manager plugin versions up to 3.2.3.

prevent (AC-3, Access Enforcement): Enforces authorization checks on the wp_ajax_embm-untappd-import AJAX action to block subscriber-level and higher access without proper privileges.

prevent (SI-10, Information Input Validation): Requires validation of file types in the EMBM_Admin_Untappd_Import_image() function to prevent upload of arbitrary dangerous files like PHP shells.
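The vulnerability details and the two preventive controls above describe the same pair of missing checks. As an added example (not the EM Beer Manager plugin's own code), the handler below shows what a WordPress AJAX image import with those checks looks like: capability and nonce enforcement, an allowlisted origin host so an attacker-supplied mock server is never contacted, and content-based image validation before the file is stored. The hook and nonce names, the required capability and the allowed host are assumptions, not values from the plugin.

```php
<?php
// Added example, not the EM Beer Manager plugin's code: a WordPress AJAX
// handler that imports an image from an integration URL with the checks the
// advisory says were missing. Hook/nonce names, the capability and the
// allowed host are assumptions (placeholders), not values from the plugin.
add_action( 'wp_ajax_example_untappd_import', 'example_untappd_import_image' );
function example_untappd_import_image() {
    // Authorization: reject subscriber-level callers before doing any work.
    if ( ! current_user_can( 'upload_files' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }
    // Tie the request to a nonce issued for this action (stops CSRF).
    check_ajax_referer( 'example_untappd_import', 'nonce' );
    $url = isset( $_POST['image_url'] ) ? esc_url_raw( wp_unslash( $_POST['image_url'] ) ) : '';
    // Origin allowlist: a caller-supplied "mock server" is refused before any
    // request is made. Placeholder host; use the integration's real image host.
    $allowed_hosts = array( 'images.untappd-cdn.invalid' );
    if ( 'https' !== wp_parse_url( $url, PHP_URL_SCHEME )
        || ! in_array( wp_parse_url( $url, PHP_URL_HOST ), $allowed_hosts, true ) ) {
        wp_send_json_error( 'image URL not allowed', 400 );
    }

    require_once ABSPATH . 'wp-admin/includes/file.php';
    require_once ABSPATH . 'wp-admin/includes/media.php';
    require_once ABSPATH . 'wp-admin/includes/image.php';
    $tmp = download_url( $url );
    if ( is_wp_error( $tmp ) ) {
        wp_send_json_error( 'download failed', 502 );
    }

    // File-type validation: the extension (wp_check_filetype_and_ext) and the
    // actual bytes (wp_get_image_mime) must both match an explicit image
    // allowlist, so a PHP payload with an image-looking name is rejected.
    $image_mimes = array( 'jpg|jpeg' => 'image/jpeg', 'png' => 'image/png', 'gif' => 'image/gif' );
    $name        = sanitize_file_name( basename( (string) wp_parse_url( $url, PHP_URL_PATH ) ) );
    $check       = wp_check_filetype_and_ext( $tmp, $name, $image_mimes );
    $real_mime   = wp_get_image_mime( $tmp );
    if ( empty( $check['ext'] ) || empty( $check['type'] ) || ! in_array( $real_mime, $image_mimes, true ) ) {
        @unlink( $tmp );
        wp_send_json_error( 'not an allowed image type', 415 );
    }

    // Store via the media library; wp_handle_sideload re-checks the type.
    $attachment_id = media_handle_sideload( array( 'name' => $name, 'tmp_name' => $tmp ), 0 );
    if ( is_wp_error( $attachment_id ) ) {
        wp_send_json_error( 'sideload failed', 500 );
    }
    wp_send_json_success( array( 'attachment_id' => $attachment_id ) );
}
```

The origin allowlist also removes the "mock HTTP server" precondition the advisory describes, since the handler only fetches from a fixed host rather than a caller-controlled one.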
