Vulnerability Description
The URL Media Uploader plugin for WordPress is vulnerable to unauthorized safe file uploads due to a missing capability check on the url_media_uploader_url_upload_ajax_handler() function in all versions up to, and including, 1.0.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload safe media files.
CVSS Score
4.3 (MEDIUM)
Related Weaknesses (CWE)
References
- https://gist.github.com/jasoncarle/925401bb11833b1ced2342390e20718e
- https://plugins.trac.wordpress.org/browser/url-media-uploader/tags/1.0.1/url-med
- https://plugins.trac.wordpress.org/browser/url-media-uploader/trunk/url-media-up
- https://www.wordfence.com/threat-intel/vulnerabilities/id/57f09da9-0d2c-45db-b3e
FAQ
What is CVE-2025-14045?
CVE-2025-14045 is a vulnerability with a CVSS score of 4.3 (MEDIUM). The URL Media Uploader plugin for WordPress is vulnerable to unauthorized safe file uploads due to a missing capability check on the url_media_uploader_url_upload_ajax_handler() function in all versio...
How severe is CVE-2025-14045?
CVE-2025-14045 has been rated MEDIUM with a CVSS base score of 4.3/10. Review the CVSS metrics above for detailed severity breakdown.
Is there a patch for CVE-2025-14045?
Check the references section above for vendor advisories and patch information. Review vendor security bulletins for remediation guidance.