CVE-2025-12057 | WavePlayer Plugin up to 3.7.x on WordPress unrestricted upload

Inserito da Angelo Barbosa | Nov 19, 2025 | CVE

A vulnerability was found in WavePlayer Plugin up to 3.7.x on WordPress. It has been declared as critical. This affects an unknown function. Such manipulation leads to unrestricted upload.

This vulnerability is uniquely identified as CVE-2025-12057. The attack can be launched remotely. No exploit exists.

It is recommended to upgrade the affected component.

CVE-2025-12057 | WavePlayer Plugin up to 3.7.x on WordPress unrestricted upload

Post correlati

CVE-2024-37775 | Sunbird DCIM dcTrack 9.1.2 RBAC access control

CVE-2025-49074 | WidgetKit Plugin up to 2.5.4 on WordPress Widget cross site scripting

CVE-2024-12296 | ApusTheme Apus Framework Plugin up to 2.3 on WordPress import_page_options authorization

CVE-2023-31033 | NVIDIA DGX A100 prior 00.22.05 missing authentication