Medium severity6.5NVD Advisory· Published Jan 8, 2026· Updated Apr 15, 2026

CVE-2019-25295

Description

The WP Cost Estimation plugin for WordPress is vulnerable to Upload Directory Traversal in versions before 9.660 via the uploadFormFiles function. This allows attackers to overwrite any file with a whitelisted type on an affected site.

Affected products

WordPress/Wp Cost Estimation Payment Forms Builderinferred
Range: <9.660
Package: https://wordpress.org/plugins/wp-cost-estimation-payment-forms-builder

Patches

No patches discovered yet.

Vulnerability mechanics

AI mechanics synthesis has not run for this CVE yet.

References

codecanyon.net/item/wp-cost-estimation-payment-forms-builder/7818230nvd
www.wordfence.com/blog/2019/02/vulnerabilities-patched-in-wp-cost-estimation-plugin/nvd
www.wordfence.com/threat-intel/vulnerabilities/id/65a9e877-e870-4e36-985d-c0629abe3f78nvd

News mentions

No linked articles in our index yet.

cvss	0.423
epss	0.000
exploit	0.000
kev	0.000
patch	0.000
ransomware	0.000