CVE-2025-13597
Published: 25 November 2025
Summary
CVE-2025-13597 is a critical-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability in the AI Feeds plugin for WordPress (the affected product was inferred from the references). Its CVSS base score is 9.8 (Critical).
Operationally, exploitation maps to the MITRE ATT&CK technique Exploit Public-Facing Application (T1190). The CVE ranks in the top 29.5% of CVEs by exploit likelihood and is not currently listed in the CISA KEV catalog.
The page's AI-security classifier tags this vulnerability as AI-related (AI category: Other Platforms; risk domain: Supply Chain and Deployment). That tag rests on a keyword match on "ai" in the plugin's name; the flaw itself is a conventional web-application authorization bug, and no OWASP Top 10 for LLMs entry is mapped.
The strongest mitigations our analysis identified are NIST 800-53 AC-3 (Access Enforcement) and SI-10 (Information Input Validation).
Deeper analysis
CVE-2025-13597 is an arbitrary file upload vulnerability in the AI Feeds plugin for WordPress, affecting all versions up to and including 1.0.11. The issue stems from a missing capability check in the 'actualizador_git.php' file: the routine that fetches a GitHub repository and writes its contents into the plugin directory can be triggered by anyone, so attacker-chosen files end up on the server without any authentication. It carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and is classified under CWE-434 (Unrestricted Upload of File with Dangerous Type).
Unauthenticated attackers can exploit this remotely with low complexity: by pointing the update routine at a repository they control, they make the server download it and overwrite the plugin's own files, including its PHP. Replacing plugin code in this way is a direct path to remote code execution and, from there, to control of the web server account.
Advisories and patches are detailed in the referenced sources: a GitHub repository linked from the CVE record, the plugin's source in the WordPress plugin Trac, changeset 3402321 in the ai-feeds plugin, a technical blog post by Ryan Kozak, and Wordfence threat intelligence. Practitioners should review these to confirm the fixed version and deploy it. Until the update is applied, denying direct HTTP access to actualizador_git.php at the web server or WAF is a reasonable interim control, since the missing check lives in that file.
EU & UK References
- 🇪🇺 ENISA EUVD: EUVD-2025-199660
Vulnerability details
The AI Feeds plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check in the 'actualizador_git.php' file in all versions up to, and including, 1.0.11. This makes it possible for unauthenticated attackers to download arbitrary GitHub repositories and overwrite plugin files on the affected site's server, which may make remote code execution possible.
- CWE(s): CWE-434 (Unrestricted Upload of File with Dangerous Type)
AI Security Analysis
- AI Category: Other Platforms
- Risk Domain: Supply Chain and Deployment
- OWASP Top 10 for LLMs 2025: None mapped
- Classification Reason: Matched keywords: ai
Related Threats
MITRE ATT&CK Enterprise Techniques
Why these techniques?
The vulnerability enables unauthenticated exploitation of a public-facing WordPress application (T1190); the attacker stages the malicious payload in a GitHub repository for the server to fetch (T1608.001, Stage Capabilities: Upload Malware); and the overwritten plugin files can carry a web shell or other malicious server component for code execution and persistence (T1505.003, Server Software Component: Web Shell; the older identifier T1100 that the analysis also lists is the deprecated predecessor of that sub-technique).
Mitigating Controls (NIST 800-53 r5)
- Flaw remediation: directly mitigates the vulnerability through timely patching, that is, updating the AI Feeds plugin to a release newer than 1.0.11 that carries the fix.
- SI-10 (Information Input Validation): prevents the arbitrary write by validating what the actualizador_git.php routine accepts, so that the repository it fetches is not chosen by the request and the archive contents are checked before they are unpacked.
- AC-3 (Access Enforcement): adds the missing capability check in actualizador_git.php so that only authorized users can trigger the update, blocking unauthenticated access and file overwrite attempts.
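To make the flaw from the Deeper analysis section and the AC-3/SI-10 controls listed above concrete, here is an added example written for this page. It is not the AI Feeds plugin's code and does not reproduce actualizador_git.php, whose internals this page does not show. It assumes, for illustration, that the updater is a script which takes a GitHub repository name from the request and unpacks the archive over the plugin directory. The function names, the nonce action `aifeeds_git_update`, the constant `AIFEEDS_UPSTREAM_REPO`, the repository `example-vendor/ai-feeds` and the `ai-feeds` plugin directory are hypothetical; the WordPress functions called (`current_user_can`, `check_admin_referer`, `download_url`, `unzip_file`, `copy_dir`, `WP_Filesystem`) are real. The first handler shows the missing-check pattern; the second applies the two controls.

```php
<?php
/*
 * Added illustration for CVE-2025-13597. Not the AI Feeds plugin's code:
 * function names, nonce action, constant and plugin directory are
 * hypothetical; the WordPress APIs called are real.
 */

/* ---- Vulnerable pattern: the "missing capability check" the advisory describes ---- */
/*
 * Imagine a script in the plugin directory that answers direct HTTP requests,
 * bootstraps WordPress and runs this for whoever asked. No current_user_can(),
 * no nonce, and the repository comes straight from the query string.
 */
function aifeeds_git_update_vulnerable() {
    require_once ABSPATH . 'wp-admin/includes/file.php';   // download_url(), unzip_file()

    $repo = $_GET['repo'];                                  // attacker-chosen "owner/name"
    $zip  = download_url( 'https://github.com/' . $repo . '/archive/main.zip' );
    if ( is_wp_error( $zip ) ) {
        wp_die( 'Download failed.' );
    }
    WP_Filesystem();
    unzip_file( $zip, WP_PLUGIN_DIR . '/ai-feeds' );        // attacker's PHP lands in the plugin
    unlink( $zip );
}

/* ---- Hardened pattern: AC-3 (who may call it) plus SI-10 (what it accepts) ---- */

define( 'AIFEEDS_UPSTREAM_REPO', 'example-vendor/ai-feeds' );   // hypothetical pinned upstream

add_action( 'admin_post_aifeeds_git_update', 'aifeeds_git_update_hardened' );

function aifeeds_git_update_hardened() {
    // AC-3: admin_post_* already requires a logged-in user, but any subscriber is
    // logged in; the capability check is what actually restricts the action.
    if ( ! current_user_can( 'update_plugins' ) ) {
        wp_die( 'Insufficient permissions.', 403 );
    }
    // CSRF: the form must carry the nonce from wp_nonce_field( 'aifeeds_git_update' ).
    check_admin_referer( 'aifeeds_git_update' );

    // SI-10: the repository is pinned in code, never read from the request.
    // Only a branch/tag/commit reference is accepted, in a strict character set.
    $ref = isset( $_POST['ref'] ) ? sanitize_text_field( wp_unslash( $_POST['ref'] ) ) : 'main';
    if ( ! preg_match( '/^[A-Za-z0-9._-]{1,100}$/', $ref ) || false !== strpos( $ref, '..' ) ) {
        wp_die( 'Invalid reference.', 400 );
    }

    require_once ABSPATH . 'wp-admin/includes/file.php';
    $zip = download_url( 'https://github.com/' . AIFEEDS_UPSTREAM_REPO . '/archive/' . $ref . '.zip' );
    if ( is_wp_error( $zip ) ) {
        wp_die( 'Download failed: ' . esc_html( $zip->get_error_message() ), 502 );
    }

    // SI-10: inspect the archive before extracting; refuse absolute or traversing entries.
    $z = new ZipArchive();
    if ( true !== $z->open( $zip ) ) {
        unlink( $zip );
        wp_die( 'Corrupt archive.', 400 );
    }
    for ( $i = 0; $i < $z->numFiles; $i++ ) {
        $name = $z->getNameIndex( $i );
        if ( '' === $name || '/' === $name[0] || false !== strpos( $name, '..' ) ) {
            $z->close();
            unlink( $zip );
            wp_die( 'Archive entry rejected: ' . esc_html( $name ), 400 );
        }
    }
    $z->close();

    // Extract into a private staging directory first, then copy over the plugin.
    // GitHub archives wrap the tree in a single "<name>-<ref>/" directory.
    WP_Filesystem();
    global $wp_filesystem;
    $staging = trailingslashit( get_temp_dir() ) . 'aifeeds-' . wp_generate_password( 12, false );
    wp_mkdir_p( $staging );
    $result = unzip_file( $zip, $staging );
    unlink( $zip );
    if ( is_wp_error( $result ) ) {
        $wp_filesystem->delete( $staging, true );
        wp_die( 'Extraction failed: ' . esc_html( $result->get_error_message() ), 500 );
    }
    $tops = glob( trailingslashit( $staging ) . '*', GLOB_ONLYDIR );
    if ( 1 !== count( $tops ) ) {
        $wp_filesystem->delete( $staging, true );
        wp_die( 'Unexpected archive layout.', 400 );
    }
    $copied = copy_dir( $tops[0], WP_PLUGIN_DIR . '/ai-feeds' );
    $wp_filesystem->delete( $staging, true );
    if ( is_wp_error( $copied ) ) {
        wp_die( 'Install failed: ' . esc_html( $copied->get_error_message() ), 500 );
    }
    wp_safe_redirect( admin_url( 'plugins.php?aifeeds_updated=1' ) );
    exit;
}
```

The hardened handler is reachable only through wp-admin/admin-post.php?action=aifeeds_git_update from a form that includes wp_nonce_field( 'aifeeds_git_update' ); a logged-out request never reaches it because WordPress routes those to the admin_post_nopriv_ hook, which the example deliberately does not register. Pinning the upstream in code rather than reading it from the request is what turns "download arbitrary GitHub repositories" into "download the vendor's repository", and the archive pre-scan guards against traversal entries that a compromised upstream could add.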