Monitor vulnerabilities like this one.
Sign up free to get alerted when software you use is affected.
8.8
WordPress File Upload Vulnerability Allows Unintended File Overwriting
CVE-2025-41758
Summary
The WordPress file upload feature has a security flaw that allows an attacker to overwrite important files on your website. This could lead to a complete takeover of your site, resulting in stolen data or disrupted operations. Update your WordPress installation immediately to fix this issue and protect your site.
What to do
No fix is available yet. Check with your software vendor for updates.
Affected software
| Vendor | Product | Affected versions | Fix available |
|---|---|---|---|
| mbs-solutions | universal_bacnet_router_firmware | <= 6.0.1.0 | – |
Original title
A low-privileged remote attacker can exploit an arbitrary file write vulnerability in the wwupload.cgi endpoint. Due to path traversal this can lead to overwriting arbitrary files on the device and...
Original description
A low-privileged remote attacker can exploit an arbitrary file write vulnerability in the wwupload.cgi endpoint. Due to path traversal this can lead to overwriting arbitrary files on the device and achieving a full system compromise.
nvd CVSS3.1
8.8
Vulnerability type
CWE-22
Path Traversal
Published: 9 Mar 2026 · Updated: 13 Mar 2026 · First seen: 9 Mar 2026