{"id":87094,"date":"2026-06-11T03:55:07","date_gmt":"2026-06-11T03:55:07","guid":{"rendered":""},"modified":"-0001-11-30T00:00:00","modified_gmt":"-0001-11-30T06:00:00","slug":"cve-2025-9212-arbitrary-file-upload-vulnerability-in-wp-dispatcher-plugin-for-wordpress","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-9212-arbitrary-file-upload-vulnerability-in-wp-dispatcher-plugin-for-wordpress\/","title":{"rendered":"CVE-2025-9212: Arbitrary File Upload Vulnerability in WP Dispatcher Plugin for WordPress<\/strong>"},"content":{"rendered":"

Overview<\/strong><\/p>\n

CVE-2025-9212 is a critical vulnerability that affects the WP Dispatcher plugin for WordPress. It enables authenticated attackers with Subscriber-level access and above to upload arbitrary files on the affected site’s server, potentially leading to remote code execution. This vulnerability is serious as it can lead to potential system compromise or data leakage, thereby threatening the security and integrity of websites running on the vulnerable versions of the WP Dispatcher plugin.<\/p>\n

Vulnerability Summary<\/strong><\/p>\n

CVE ID: CVE-2025-9212
\nSeverity: High (7.5\/10)
\nAttack Vector: Network
\nPrivileges Required: Low (Subscriber-level access)
\nUser Interaction: None
\nImpact: Potential system compromise and data leakage<\/p>\n

Affected Products<\/strong><\/p>

\r\n

\r\n \r\n \"Ameeba\r\n <\/a>\r\n Share secrets securely\r\n <\/h2>\r\n\r\n

\r\n Ameeba is private infrastructure for communication and sensitive work built on encrypted identity instead of exposed corporate identity systems.\r\n <\/p>\r\n\r\n

\r\n Passwords, credentials, confidential files, screenshots, internal discussions, sensitive AI context, and private coordination should not become exposed across ordinary communication platforms.\r\n <\/p>\r\n\r\n