CVE-2025-11724
Published: 04 November 2025
Summary
CVE-2025-11724 is a high-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in Wordpress (inferred from references). Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 37.3% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2025-11724 is an arbitrary file upload vulnerability in the EM Beer Manager plugin for WordPress, affecting all versions up to and including 3.2.3. The issue stems from missing file type validation in the EMBM_Admin_Untappd_Import_image() function and insufficient authorization checks on the wp_ajax_embm-untappd-import AJAX action. This flaw, classified under CWE-434 (Unrestricted Upload of File with Dangerous Type), carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for remote code execution.
Authenticated attackers with subscriber-level permissions or higher can exploit this vulnerability to upload arbitrary files, including malicious PHP shells, onto the server. Exploitation requires the attacker to provide a mock HTTP server that responds with specific JSON data to mimic the Untappd integration process, bypassing normal validation. Successful exploitation grants remote code execution on the web server, potentially allowing full compromise of the WordPress site.
References include source code locations in the plugin's admin actions and Untappd integration files (lines 393, 867, 899, and 912), as well as a Wordfence threat intelligence advisory detailing the vulnerability. Practitioners should review these for precise remediation steps, such as updating to a patched version if available or disabling the plugin.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-37612
Vulnerability details
The EM Beer Manager plugin for WordPress is vulnerable to arbitrary file upload leading to remote code execution in all versions up to, and including, 3.2.3. This is due to missing file type validation in the EMBM_Admin_Untappd_Import_image() function and missing…
more
authorization checks on the wp_ajax_embm-untappd-import action. This makes it possible for authenticated attackers, with subscriber-level access and above, to upload arbitrary files including PHP files and execute code on the server granted they can provide a mock HTTP server that responds with specific JSON data.
- CWE(s)
Related Threats
MITRE ATT&CK Enterprise TechniquesAI
Why these techniques?
Arbitrary file upload in WordPress plugin enables exploitation of public-facing application (T1190) for uploading and executing malicious PHP files as web shells (T1505.003), leading to RCE.
CVEs Like This One
Affected Assets
Mitigating Controls
Mitigating Controls (NIST 800-53 r5) AI
Directly remediates the arbitrary file upload flaw by requiring timely patching of the vulnerable EM Beer Manager plugin versions up to 3.2.3.
Enforces authorization checks on the wp_ajax_embm-untappd-import AJAX action to block subscriber-level and higher access without proper privileges.
Requires validation of file types in the EMBM_Admin_Untappd_Import_image() function to prevent upload of arbitrary dangerous files like PHP shells.