Cyber Resilience

CVE-2025-13374

Critical

Published: 24 January 2026

Published
24 January 2026
Modified
15 April 2026
KEV Added
Patch
CVSS Score v3.1 9.8 CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
EPSS Score 0.0106 60.1th percentile
Risk Priority 70 floored blend · peak EPSS

Summary

CVE-2025-13374 is a critical-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in Wordpress (inferred from references). Its CVSS base score is 9.8 (Critical).

Operationally, exploitation aligns with the MITRE ATT&CK technique Exploit Public-Facing Application (T1190); ranked in the top 39.9% of CVEs by exploit likelihood; it is not currently listed in the CISA KEV catalog.

This vulnerability is AI-related — categorised as AI Agent Protocols and Integrations; in the Supply Chain and Deployment risk domain.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

CVE-2025-13374 is a critical vulnerability in the Kalrav AI Agent plugin for WordPress, affecting all versions up to and including 2.3.3. The flaw stems from missing file type validation in the kalrav_upload_file AJAX action, enabling arbitrary file uploads. This issue, classified under CWE-434 (Unrestricted Upload of File with Dangerous Type), carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H), indicating high severity due to its potential for severe impact.

Unauthenticated attackers can exploit this vulnerability remotely over the network with low complexity and no privileges required. By sending crafted requests to the vulnerable AJAX endpoint, they can upload arbitrary files to the affected WordPress site's server. Successful exploitation may lead to remote code execution, allowing attackers to execute malicious code in the context of the web server process.

Mitigation details are available in associated advisories and references, including the GitHub repository at https://github.com/d0n601/CVE-2025-13374, WordPress plugin trac sources at https://plugins.trac.wordpress.org/browser/kalrav-ai-agent/tags/2.3.3/kalrav-ai-agent.php#L967 and https://plugins.trac.wordpress.org/browser/kalrav-ai-agent/trunk/kalrav-ai-agent.php#L967, a detailed post at https://ryankozak.com/posts/cve-2025-13374, and Wordfence threat intelligence at https://www.wordfence.com/threat-intel/vulnerabilities/id/5dc8feae-fc89-4152-b9b2-2b70e6ccb30b?source=cve. Security practitioners should review these for patch information, update instructions, and workaround guidance.

OWASP Top 10 for Web (2025)

EU & UK References

Vulnerability details

The Kalrav AI Agent plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the kalrav_upload_file AJAX action in all versions up to, and including, 2.3.3. This makes it possible for unauthenticated attackers to…

more

upload arbitrary files on the affected site's server which may make remote code execution possible.

CWE(s)

AI Security AnalysisAI

AI Category
AI Agent Protocols and Integrations
Risk Domain
Supply Chain and Deployment
OWASP Top 10 for LLMs 2025
None mapped
Classification Reason
Matched keywords: ai

Related Threats

MITRE ATT&CK Enterprise TechniquesAI

T1190 Exploit Public-Facing Application Initial Access
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
T1505.003 Web Shell Persistence
Adversaries may backdoor web servers with web shells to establish persistent access to systems.
Why these techniques?

Unrestricted file upload in public WordPress AJAX endpoint directly enables remote exploitation of a public-facing app (T1190) and installation of a web shell for RCE (T1505.003).

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2025-22654Shared CWE-434
CVE-2025-11948Shared CWE-434
CVE-2025-67260Shared CWE-434
CVE-2025-28915Shared CWE-434
CVE-2023-53956Shared CWE-434
CVE-2024-13882Shared CWE-434
CVE-2025-6058Shared CWE-434
CVE-2021-47819Shared CWE-434
CVE-2025-7852Shared CWE-434
CVE-2026-4883Shared CWE-434

Affected Assets

Wordpress
inferred from references and description; NVD did not file a CPE for this CVE

Mitigating Controls

Mitigating Controls (NIST 800-53 r5) AI

prevent

Directly mandates validation of file uploads to counter the missing file type validation in the kalrav_upload_file AJAX action.

prevent

Requires timely remediation and patching of the arbitrary file upload flaw in the Kalrav AI Agent plugin up to version 2.3.3.

detectrespond

Provides vulnerability scanning for hosted applications like WordPress plugins to identify and remediate issues such as CVE-2025-13374.

References