cleantalk
Vulnerabilities and Security Researches

StoryChief, CVE-2025-7441

CVE, Research URL

CVE-2025-7441

Home page URL

Security reports for StoryChief

Application

StoryChief

Published on
Aug 16, 2025
Research Description
The StoryChief plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.0.42. This vulnerability occurs through the /wp-json/storychief/webhook REST-API endpoint that does not have sufficient filetype validation. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
Affected versions
Min -, max 1.0.42.
Status
vulnerable
Previous vulnerability researches
Blocksy (CVE-2025-47465) , May 08, 2025
Blocksy (CVE-2024-1767) , Jun 10, 2024
Blocksy (CVE-2024-31382) , Jun 10, 2024
Blocksy (CVE-2024-37469) , Jul 05, 2024
Blocksy (CVE-2024-5439) , Jun 10, 2024
New vulnerability
Linux Promotional Plugin (CVE-2025-7668) , Aug 17, 2025
Poll Maker – Best WordPress Poll Plugin (CVE-2024-12575) , Aug 17, 2025
Add User Meta (CVE-2025-7688) , Aug 17, 2025
User Profile Builder – Beautiful User Registration Forms, User Profiles & User Role Editor (CVE-2025-8896) , Aug 17, 2025
RSS Feed Pro (CVE-2025-53581) , Aug 17, 2025