CVE-2025-11521

High CVSS: 8.1

The Astra Security Suite – Firewall & Malware Scan plugin for WordPress is vulnerable to arbitrary file uploads due to insufficient validation of remote URLs for zip downloads and an easily guessable key in all versions up to, and including, 0.2. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.

Vendor

Product

CWE

CWE-285

Yayın Tarihi

2025-11-11 04:15:41

Güncelleme

2025-11-12 16:19:59

Source Identifier

security@wordfence.com

KEV Date Added

Kategoriler

CWE-285 HIGH 2025

Referanslar

https://wordpress.org/plugins/getastra/ https://www.wordfence.com/threat-intel/vulnerabilities/id/f99a6b5c-e95d-49d0-a4b2-1d7188447da1?source=cve