cleantalk
Vulnerabilities and Security Researches

Pixabay Images, CVE-2025-4413

CVE, Research URL

CVE-2025-4413

Home page URL

Security reports for Pixabay Images

Application

Pixabay Images

Published on
Jun 18, 2025
Research Description
The Pixabay Images plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the pixabay_upload function in all versions up to, and including, 3.4. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.
Affected versions
Min -, max 3.4.
Status
vulnerable
Previous vulnerability researches
Pixabay Images (CVE-2025-4413) , Jun 20, 2025
Pixabay Images (CVE-2015-1376) , Jun 07, 2024
Pixabay Images (CVE-2015-1375) , Jun 07, 2024
Pixabay Images (CVE-2015-1365) , Jun 07, 2024
Pixabay Images (CVE-2015-1366) , Jun 07, 2024
New vulnerability
CubeWP Forms – LeadGen & Contact Form (CVE-2025-49880) , Jun 20, 2025
WP2LEADS | WordPress und KlickTipp einfach verbinden – WooCommerce und KlickTipp einfach verbinden (CVE-2025-49316) , Jun 20, 2025
Recover WooCommerce Cart Abandonment, Newsletter, Email Marketing, Marketing Automation By FunnelKit (CVE-2025-1562) , Jun 20, 2025
eCommerce Product Catalog Plugin for WordPress (CVE-2025-49331) , Jun 20, 2025
Broadstreet (CVE-2025-4652) , Jun 20, 2025