VYPR
Medium severity4.3NVD Advisory· Published Nov 5, 2025· Updated Apr 15, 2026

CVE-2025-11373

CVE-2025-11373

Description

The Popup and Slider Builder by Depicter – Add Email collecting Popup, Popup Modal, Coupon Popup, Image Slider, Carousel Slider, Post Slider Carousel plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability checks in the "depicter-media-upload" AJAX route in all versions up to, and including, 4.0.4. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload limited files on the affected site's server.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Affected products

2

Patches

Vulnerability mechanics

References

4

News mentions

0

No linked articles in our index yet.