Vulnerabilities and security researches forbaiduseo baiduseo

May 16, 2025

CVE, Research URL: CVE-2025-3917
Home page URL: Security reports for 百度站长SEO合集(支持百度/神马/Bing/头条推送)
Application: 百度站长SEO合集(支持百度/神马/Bing/头条推送)
Date: May 15, 2025
Research Description: The 百度站长SEO合集(支持百度/神马/Bing/头条推送) plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the download_remote_image_to_media_library function in all versions up to, and including, 2.0.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
Affected versions: Min -, max -.
Status: vulnerable