cleantalk
Vulnerabilities and Security Researches

StoryChief, CVE-2025-7441

CVE, Research URL

CVE-2025-7441

Home page URL

Security reports for StoryChief

Application

StoryChief

Published on
Aug 16, 2025
Research Description
The StoryChief plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.0.42. This vulnerability occurs through the /wp-json/storychief/webhook REST-API endpoint that does not have sufficient filetype validation. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
Affected versions
Min -, max 1.0.42.
Status
vulnerable
Previous vulnerability researches
Database for Contact Form 7, WPforms, Elementor forms (CVE-2021-25080) , Jun 07, 2024
Database for Contact Form 7, WPforms, Elementor forms (CVE-2021-25079) , Jun 07, 2024
Database for Contact Form 7, WPforms, Elementor forms (CVE-2022-3604) , Jun 07, 2024
Database for Contact Form 7, WPforms, Elementor forms (CVE-2023-31212) , Jun 07, 2024
Database for Contact Form 7, WPforms, Elementor forms (CVE-2023-33311) , Jun 07, 2024
New vulnerability
Surbma | Recent Comments Shortcode (CVE-2025-7649) , Aug 17, 2025
Print My Blog – Print, PDF, & eBook Converter WordPress Plugin (CVE-2025-54740) , Aug 17, 2025
MDTF – Meta Data and Taxonomies Filter (CVE-2025-54707) , Aug 17, 2025
StoryChief (CVE-2025-7441) , Aug 17, 2025
Woocommerce Blocks – Woolook (CVE-2024-8393) , Aug 17, 2025