CVE-2025-13407

Published: Dic 24, 2025 Last Modified: Dic 29, 2025

ExploitDB:

Other exploit source:

Google Dorks:

MEDIUM 6,8

Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0

Attack Vector: network

Attack Complexity: high

Privileges Required: low

User Interaction: none

Scope: unchanged

Confidentiality: high

Integrity: high

Availability: none

Description

AI Translation Available

The Gravity Forms WordPress plugin before 2.9.23.1 does not properly prevent users from uploading dangerous files through its chunked upload functionality, allowing attackers to upload PHP files to affected sites and achieve Remote Code Execution, granted they can discover or enumerate the upload path.

EPSS (Exploit Prediction Scoring System)

Trend Analysis

EPSS (Exploit Prediction Scoring System)

Prevede la probabilità di sfruttamento basata su intelligence sulle minacce e sulle caratteristiche della vulnerabilità.

EPSS Score

0,0009

Percentile

0,3th

Updated

EPSS Score Trend (Last 82 Days)

https://wpscan.com/vulnerability/e09908fb-f5ad-45ca-8698-c0…

https://wpscan.com/vulnerability/e09908fb-f5ad-45ca-8698-c0d596fd39cc/

CVE-2025-13407

Description

EPSS (Exploit Prediction Scoring System)

EPSS (Exploit Prediction Scoring System)

EPSS Score Trend (Last 82 Days)

Iscriviti alla newsletter