CVE-2025-4190 – WordPress CSV Mass Importer File Upload Privilege Escalation Vulnerability

May 17, 2025

CVE ID : CVE-2025-4190

Published : May 17, 2025, 6:15 a.m. | 2 hours, 52 minutes ago

Description : The CSV Mass Importer WordPress plugin through 1.2 does not properly validate uploaded files, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup)

Severity: 0.0 | NA

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Source: Read More

Previous ArticleCVE-2025-3812 – WordPress WPBot Pro File Deletion Vulnerability

Next Article CVE-2025-4818 – SourceCodester Doctor’s Appointment System SQL Injection

Highlights

CVE-2025-3483 – MedDream PACS Server DICOM File Parsing Remote Code Execution Vulnerability

May 22, 2025

CVE ID : CVE-2025-3483

Published : May 22, 2025, 1:15 a.m. | 1 hour, 44 minutes ago

Description : MedDream PACS Server DICOM File Parsing Stack-based Buffer Overflow Remote Code Execution Vulnerability. This vulnerability allows remote attackers to execute arbitrary code on affected installations of MedDream PACS Server. Authentication is not required to exploit this vulnerability.

The specific flaw exists within the parsing of DICOM files. The issue results from the lack of proper validation of the length of user-supplied data prior to copying it to a fixed-length stack-based buffer. An attacker can leverage this vulnerability to execute code in the context of the service account. Was ZDI-CAN-25825.

Severity: 9.8 | CRITICAL

Visit the link for more details, such as CVSS details, affected products, timeline, and more…

Turning User Research Into Real Organizational Change

June 2025: All AI updates from the past month

Building a culture that will drive platform engineering success

Gartner: More than 40% of agentic AI projects will be canceled in the next few years

I FINALLY got my hands on my most anticipated gaming laptop of 2025 — and it’s a 14-inch monster

This gimbal-tracking webcam has TWO cameras and a great price — but it may not be “private” enough

I spent two months using the massive Area-51 gaming rig — both a powerful beast PC and an RGB beauty queen

“Using AI is no longer optional” — Did Microsoft just make Copilot mandatory for its staff as a critical performance metric?

June report 2025

June report 2025

Make your JS functions smarter and cleaner with default parameters

Best Home Interiors in Hyderabad – Top Designers & Affordable Packages

I FINALLY got my hands on my most anticipated gaming laptop of 2025 — and it’s a 14-inch monster

I FINALLY got my hands on my most anticipated gaming laptop of 2025 — and it’s a 14-inch monster

This gimbal-tracking webcam has TWO cameras and a great price — but it may not be “private” enough

I spent two months using the massive Area-51 gaming rig — both a powerful beast PC and an RGB beauty queen

CVE-2025-4190 – WordPress CSV Mass Importer File Upload Privilege Escalation Vulnerability

CVE-2025-6554 Actively Exploited Google Chrome Zeroday

Cyber Brief 25-07 – June 2025

CVE-2025-43877 – WRC-1167GHBK2-S WebGUI Cross-Site Scripting (XSS)

Is The Alters on Game Pass?

CVE-2024-55211 – Think Router Tk-Rt-Wr135G Authentication Bypass

CVE-2023-53146 – “Linux Media DW2102 Null Pointer Dereference Vulnerability”

CVE-2025-3483 – MedDream PACS Server DICOM File Parsing Remote Code Execution Vulnerability

This tiny SSD can have up to 8TB of storage, and I could fit a dozen of them in my pockets

How our principles helped define AlphaFold’s release

Google Maps can identify and save places in your screenshots – here’s how

CVE-2025-4190 – WordPress CSV Mass Importer File Upload Privilege Escalation Vulnerability

Related Posts