CVE-2025-12171
Published: 01 November 2025
Summary
CVE-2025-12171 is a high-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in WordPress (product inferred from references). Its CVSS base score is 8.8 (High).
Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). It ranks at the 44.3rd percentile by exploit likelihood (below the median) and is not currently listed in the CISA KEV catalog.
The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).
Threat & Defense Details
Mitigating Controls (NIST 800-53 r5) (AI-generated)
- Directly enforces the missing file type validation in the ingest_image() function, preventing arbitrary uploads of dangerous files.
- Establishes a risk-based process to identify, prioritize, and remediate the flaw in vulnerable plugin versions 1.1.0-1.5.0 via patching.
- Deploys malicious code protection mechanisms at entry points to scan and eradicate dangerous files uploaded through the vulnerable REST endpoint.
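The first control above (input validation on the ingest path) is the one a plugin developer can implement directly. The following helper is an added example, not code from the RESTful Content Syndication plugin or from its fix: it shows how an image-ingest routine can enforce file-type validation by requiring the extension, the declared MIME type and the actual file bytes to agree on an allowed image type before anything is written under the uploads directory. The function name secure_ingest_image() and its parameters are hypothetical; the WordPress core functions it calls (download_url, wp_check_filetype_and_ext, wp_get_image_mime, wp_handle_sideload, wp_insert_attachment) are real core APIs, and the example assumes it runs inside a loaded WordPress environment.

```php
<?php
// Added example (hypothetical helper, not the plugin's own code).
// Hardened image ingest: validate source host, extension, MIME and content
// before storing a remotely fetched file in the media library.

require_once ABSPATH . 'wp-admin/includes/file.php';   // download_url(), wp_handle_sideload()
require_once ABSPATH . 'wp-admin/includes/image.php';  // wp_generate_attachment_metadata()

/**
 * Fetch an image from a syndication source and store it only if it is a
 * genuine image of an allowed type.
 *
 * @param string   $url           Remote image URL.
 * @param string[] $allowed_hosts Lower-case host names the administrator configured.
 * @return int|WP_Error Attachment ID on success, WP_Error on any rejection.
 */
function secure_ingest_image( string $url, array $allowed_hosts ) {
    // 1. Only fetch from hosts the administrator explicitly allow-listed.
    $host = wp_parse_url( $url, PHP_URL_HOST );
    if ( ! $host || ! in_array( strtolower( $host ), $allowed_hosts, true ) ) {
        return new WP_Error( 'ingest_host', 'Source host is not allow-listed.' );
    }

    // 2. Download to a temporary file using the core helper (15 s timeout).
    $tmp = download_url( $url, 15 );
    if ( is_wp_error( $tmp ) ) {
        return $tmp;
    }

    // 3. Derive the file name from the URL path only, never from response headers.
    $name = sanitize_file_name( basename( (string) wp_parse_url( $url, PHP_URL_PATH ) ) );

    // 4. Allow-list: raster image types only, a strict subset of WordPress defaults.
    $image_mimes = array(
        'jpg|jpeg|jpe' => 'image/jpeg',
        'png'          => 'image/png',
        'gif'          => 'image/gif',
        'webp'         => 'image/webp',
    );

    // 5. Extension and MIME type must resolve to one of the allowed image types.
    $check = wp_check_filetype_and_ext( $tmp, $name, $image_mimes );
    if ( empty( $check['ext'] ) || empty( $check['type'] ) ) {
        @unlink( $tmp );
        return new WP_Error( 'ingest_type', 'Rejected: extension or MIME type is not an allowed image type.' );
    }
    // Core may rename the file when the extension disagrees with the real image type.
    if ( ! empty( $check['proper_filename'] ) ) {
        $name = $check['proper_filename'];
    }

    // 6. Content sniff: the bytes themselves must be an image of the declared type.
    //    This rejects non-image payloads carrying an image extension.
    $real_mime = wp_get_image_mime( $tmp );
    if ( $real_mime !== $check['type'] ) {
        @unlink( $tmp );
        return new WP_Error( 'ingest_content', 'Rejected: file content does not match declared image type.' );
    }

    // 7. Hand off to core sideload, which re-validates against $image_mimes and
    //    moves the file into the uploads directory under the sanitized name.
    $file   = array( 'name' => $name, 'tmp_name' => $tmp );
    $result = wp_handle_sideload( $file, array( 'test_form' => false, 'mimes' => $image_mimes ) );
    if ( isset( $result['error'] ) ) {
        @unlink( $tmp );
        return new WP_Error( 'ingest_store', $result['error'] );
    }

    // 8. Register the stored file as an attachment and generate its metadata.
    $attachment = array(
        'post_mime_type' => $result['type'],
        'post_title'     => pathinfo( $name, PATHINFO_FILENAME ),
        'post_status'    => 'inherit',
    );
    $id = wp_insert_attachment( $attachment, $result['file'] );
    if ( is_wp_error( $id ) ) {
        return $id;
    }
    wp_update_attachment_metadata( $id, wp_generate_attachment_metadata( $id, $result['file'] ) );
    return $id;
}
```

The decisive steps are 5 and 6: wp_check_filetype_and_ext() ties the extension to a MIME type from an explicit allow-list, and wp_get_image_mime() confirms the bytes are really that image type, so a file whose name and content disagree is discarded before it ever reaches the uploads directory. Restricting the source to administrator-configured hosts (step 1) mirrors the plugin's own settings model described in the NVD text.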
MITRE ATT&CK Enterprise Techniques (AI-generated)
Why these techniques?
An arbitrary file upload vulnerability in a public-facing WordPress plugin directly enables Exploit Public-Facing Application (T1190), facilitates Ingress Tool Transfer of tools or malware via the upload path (T1105), and allows deployment of a Web Shell (T1505.003) for remote code execution and persistence.
NVD Description
The RESTful Content Syndication plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the ingest_image() function in versions 1.1.0 to 1.5.0. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. This requires that the attacker have access to a defined third-party server as specified in the settings, so it is unlikely that this will be exploitable by contributor-level users, and more likely to be exploited by administrators who also have access to the plugin's settings.
Deeper analysis (AI-generated)
CVE-2025-12171 affects the RESTful Content Syndication plugin for WordPress in versions 1.1.0 through 1.5.0. The vulnerability stems from missing file type validation in the ingest_image() function, enabling arbitrary file uploads. It is classified under CWE-434 (Unrestricted Upload of File with Dangerous Type) with a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H). The issue was published on 2025-11-01.
Authenticated attackers with Author-level access or higher can exploit this to upload arbitrary files to the affected WordPress site's server, potentially leading to remote code execution. Exploitation requires the attacker to have access to a third-party server defined in the plugin's settings, making it unlikely for contributor-level users but more feasible for administrators who control those settings.
Mitigation details are documented in the WordPress plugin Trac changeset at https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3384901%40restful-syndication&new=3384901%40restful-syndication&sfp_email=&sfph_mail= and in the Wordfence threat intelligence entry at https://www.wordfence.com/threat-intel/vulnerabilities/id/99db7ac5-b7ac-4a4f-bd05-e563a3dfb839?source=cve.
Details
- CWE(s)