CVE-2025-27282

CVSS 3.1 Score 9.9 of 10 (high)

Details

Published Apr 17, 2025

CWE ID 434

Summary

CVE-2025-27282 is a vulnerability affecting the Theme File Duplicator plugin, specifically versions from n/a through 1.3. An Unrestricted File Upload issue exists, enabling attackers to upload dangerous file types that could lead to serious security consequences, such as site takeover or data theft. The File Duplicator function in the rockgod100 theme is the affected component. It's crucial for users to update their Theme File Duplicator plugin to the latest version as soon as possible to mitigate this risk.

Prevent cyber attacks with Recorded Future by prioritizing and patching critical vulnerabilities being exploited by threat actors targeting your industry. Book your demo to learn more.

https://app.recordedfuture.com/live/sc/entity/3lx_7W
https://www.cve.org/CVERecord?id=CVE-2025-27282
https://nvd.nist.gov/vuln/detail/CVE-2025-27282

Back to Vulnerability Database

Platform Features

Products

Use Cases

Teams

Industries

Services

Threats to the 2025 NATO Summit

Artificial Eyes: Generative AI in China’s Military Intelligence

GrayAlpha Uses Diverse Infection Vectors to Deploy PowerNet Loader and NetSupport RAT

Know What Matters

For Customers

For Partners

CVE-2025-27282

CVSS 3.1 Score 9.9 of 10 (high)

Details

Summary

Advisories, Assessments, and Mitigations