Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
9.3
CVE-2018-25335: Peugeot Music 1.0 allows attackers to upload malicious files
CVE-2018-25335
Summary
The Peugeot Music WordPress plugin is vulnerable to a file upload issue. This means attackers can upload malicious files without needing a password, which could lead to security problems. To stay safe, update the Peugeot Music plugin to the latest version or remove it if it's no longer needed.
Original title
WordPress Plugin Peugeot Music 1.0 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to the upload.php endpoin...
Original description
WordPress Plugin Peugeot Music 1.0 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to the upload.php endpoint. Attackers can upload files with arbitrary extensions by manipulating the 'name' parameter to execute code from the uploads directory.
nvd CVSS3.1
9.8
nvd CVSS4.0
9.3
Vulnerability type
CWE-306
Missing Authentication for Critical Function
Published: 17 May 2026 · Updated: 28 May 2026 · First seen: 17 May 2026