
CVE-2025-23942

Critical

Published: 22 January 2025

Modified: 23 April 2026
CVSS v3.1 score: 9.1 (CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:H/A:H)
EPSS score: 0.4495 (97.7th percentile)
Risk Priority: 45 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Summary

CVE-2025-23942 is a critical-severity Unrestricted Upload of File with Dangerous Type (CWE-434) vulnerability. Its CVSS base score is 9.1 (Critical).

Operationally, exploitation maps to the MITRE ATT&CK technique Web Shell (T1505.003). The CVE ranks in the top 2.3% of CVEs by exploit likelihood (EPSS) and is not currently listed in the CISA KEV catalog.

The strongest mitigations our analysis identified are NIST 800-53 SI-10 (Information Input Validation) and SI-2 (Flaw Remediation).

Deeper analysis

The vulnerability is an unrestricted upload of a file with a dangerous type, tracked as CWE-434, in the WP Load Gallery WordPress plugin by ngocuct0912. It affects all versions through 2.1.6 and permits an authenticated user to upload arbitrary files, including web shells, directly to the web server. The issue carries a CVSS 3.1 score of 9.1 with network attack vector, low complexity, and high impact across confidentiality, integrity, and availability under changed scope.

An attacker holding a high-privileged account on the affected WordPress site can exploit the flaw over the network to place and execute malicious code. Successful exploitation grants the ability to run arbitrary commands on the server, potentially leading to full site takeover or lateral movement within the hosting environment.

The Patchstack advisory documents the arbitrary file upload vulnerability in WP Load Gallery 2.1.6 and below, directing administrators to apply updates once released by the plugin maintainer.

EPSS currently sits at 0.4495 and has shown no material upward movement from its lower post-disclosure baseline.


Vulnerability details

Unrestricted Upload of File with Dangerous Type vulnerability in ngocuct0912 WP Load Gallery wp-load-gallery allows Upload a Web Shell to a Web Server. This issue affects WP Load Gallery: from n/a through <= 2.1.6.


Related Threats

MITRE ATT&CK Enterprise Techniques

T1505.003 Web Shell (Persistence)
Adversaries may backdoor web servers with web shells to establish persistent access to systems.
Why these techniques?

The vulnerability is an arbitrary file upload (CWE-434) that explicitly enables uploading and installing a web shell on the WordPress server.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0

CVEs Like This One

CVE-2026-22241 (shared CWE-434)
CVE-2026-4808 (shared CWE-434)
CVE-2024-56264 (shared CWE-434)
CVE-2021-35485 (shared CWE-434)
CVE-2024-56249 (shared CWE-434)
CVE-2024-55417 (shared CWE-434)
CVE-2025-46384 (shared CWE-434)
CVE-2025-13516 (shared CWE-434)
CVE-2024-13011 (shared CWE-434)
CVE-2025-8323 (shared CWE-434)

Mitigating Controls (NIST 800-53 r5)

SI-2 (Flaw Remediation), prevent: requires timely remediation of known flaws like this arbitrary file upload vulnerability in the WP Load Gallery plugin, directly preventing exploitation by patching affected versions.

SI-10 (Information Input Validation), prevent: mandates validation of information inputs such as file uploads to reject dangerous types like web shells, comprehensively addressing the unrestricted upload vulnerability.

SI-3 (Malicious Code Protection), prevent and detect: deploys malicious code protection mechanisms to scan for and block web shells uploaded via the vulnerable plugin's unrestricted file upload feature.
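The kind of allowlist-based upload check that SI-10 calls for, as an added example in Python. This is not code from the WP Load Gallery plugin or from this advisory; the accepted types, the filename rule and the sample uploads are constructed for illustration.

```python
"""Allowlist upload validation for an image-gallery uploader (added example, not plugin code)."""
import os
import re

# Allowlist of gallery image types with the magic bytes each must start with.
# Anything not listed (php, phtml, htaccess, svg, ...) is rejected outright.
ALLOWED_TYPES = {
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
}
# Exactly one dot, so "shell.php.jpg" and ".htaccess" never match.
SAFE_NAME = re.compile(r"^[a-z0-9_-]{1,64}\.[a-z0-9]{1,5}$")
# PHP open tags: a file carrying these must never land in a directory the server may execute.
PHP_TAGS = (b"<?php", b"<?=")


def validate_upload(filename: str, data: bytes) -> tuple[bool, str]:
    """Return (accepted, reason) for a candidate upload."""
    name = os.path.basename(filename).lower()      # drop any client-supplied path
    if not SAFE_NAME.fullmatch(name):
        return False, "unsafe filename"
    ext = name.rsplit(".", 1)[1]
    if ext not in ALLOWED_TYPES:
        return False, f"extension .{ext} not allowed"
    if not any(data.startswith(magic) for magic in ALLOWED_TYPES[ext]):
        return False, "content does not match declared type"
    if any(tag in data for tag in PHP_TAGS):
        return False, "embedded PHP open tag"         # image/PHP polyglot
    return True, "ok"


# Constructed sample uploads: one accepted image and the rejected variants.
SAMPLES = {
    "photo.jpg": b"\xff\xd8\xff\xe0" + bytes(16),
    "shell.php": b"<?php echo 1; ?>",
    "shell.php.jpg": b"\xff\xd8\xff\xe0",
    "pic.png": b"\xff\xd8\xff\xe0",
    "poly.gif": b"GIF89a" + b"<?php echo 1; ?>",
    "../escape.png": b"\x89PNG\r\n\x1a\n" + bytes(8),
}

if __name__ == "__main__":
    for fname, blob in SAMPLES.items():
        print(f"{fname:16} -> {validate_upload(fname, blob)}")
```

The check is an allowlist by design: a denylist of known-bad extensions is what double extensions and alternate PHP handlers (.phtml, .phar) typically bypass.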
