CVE Watchtower


← Back to CVE List

CVE-2025-12057NVD

Vulnerability Summary

The WavePlayer WordPress plugin before 3.8.0 does not have authorization in an AJAX action as well as does not validate the file to be copied locally, allowing unauthenticated users to upload arbitrary file on the server and lead to RCE
Severity Level
UNKNOWN
Published Date
Nov 19, 2025
Last Modified
Jan 9, 2026
Exploitation Status
No confirmed exploitation yet
EPSS Score (30-Day)
Data Pending
Root Weakness (CWE)
N/A