WordPress Plugin Allows Unauthorized File Uploads

Monitor vulnerabilities like this one. Sign up free to get alerted when software you use is affected.

WordPress Plugin Allows Unauthorized File Uploads

BELL-CVE-2026-31425

Summary

A security issue with a popular WordPress plugin allows hackers to upload and execute malicious files on websites using the plugin. This could lead to unauthorized access, data theft, or even the complete takeover of a website. Website owners using this plugin should update to the latest version to fix the issue.

What to do

No fix is available yet. Check with your software vendor for updates.

Affected software

Ecosystem	Vendor	Product	Affected versions
Alpaquita:23	bellsoft	linux-lts	>= 6.1.167-r0
Alpaquita:25	bellsoft	linux-lts	>= 6.12.80-r0
Alpaquita:stream	bellsoft	linux-lts	>= 6.12.80-r0

Original title

BELL-CVE-2026-31425

https://docs.bell-sw.com/security/cves/CVE-2026-31425 Vendor Advisory

Published: 14 Apr 2026 · Updated: 14 Apr 2026 · First seen: 14 Apr 2026