CVE-2025-12500 | Checkout Field Manager Plugin up to 7.8.1 on WordPress ajax_checkout_attachment_upload unrestricted upload

Inserito da Angelo Barbosa | Feb 18, 2026 | CVE

A vulnerability identified as critical has been detected in Checkout Field Manager Plugin up to 7.8.1 on WordPress. The impacted element is the function ajax_checkout_attachment_upload. Performing a manipulation results in unrestricted upload.

This vulnerability is identified as CVE-2025-12500. The attack can be initiated remotely. There is not any exploit available.

CVE-2025-12500 | Checkout Field Manager Plugin up to 7.8.1 on WordPress ajax_checkout_attachment_upload unrestricted upload

Post correlati

CVE-2024-56964 | Che Hao Duo Used Automobile Agency Guazi Used Car 10.15.1 on iOS Link information disclosure

CVE-2025-64149 | Publish to Bitbucket Plugin up to 0.4 on Jenkins cross-site request forgery

CVE-2024-2300 | HP Advance Mobile Application on iOS information disclosure

CVE-2024-6302 | Conduit up to 0.6.0 insufficient permissions or privileges