High severity8.8NVD Advisory· Published Jul 12, 2025· Updated Apr 15, 2026
CVE-2025-6423
CVE-2025-6423
Description
The BeeTeam368 Extensions plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the handle_submit_upload_file() function in all versions up to, and including, 2.3.5. This makes it possible for authenticated attackers with Subscriber-level access or higher to upload arbitrary files on the affected site's server which may make remote code execution possible.
Affected products
2<=2.3.5+ 1 more
- (no CPE)range: <=2.3.5
- (no CPE)range: <=2.3.5
Patches
Vulnerability mechanics
References
2News mentions
0No linked articles in our index yet.