CVE-2025-49444

CVE-2025-49444

Information

CVE_ID              : CVE-2025-49444
Severity            : CRITICAL
Published        : 2025-06-17T15:15:49.127
LastModified  : 2025-06-17T20:50:23.507
Updated          : 2025-06-17T20:50:23.507
Status              : Awaiting Analysis

Descriptions:

Unrestricted Upload of File with Dangerous Type vulnerability in merkulove Reformer for Elementor allows Upload a Web Shell to a Web Server. This issue affects Reformer for Elementor: from n/a through 1.0.5.


Know Exploitability

Exploitability : False

Vendor Affected

CVE-2025-49444

V4.0

V3.1

Score : 10.0
Severity : CRITICAL
Attack Vector : NETWORK
Attack Complexity : LOW
Privileges Required : NONE
User Interaction : NONE
Scope : CHANGED
Confidentiality Impact : HIGH
Integrity Impact : HIGH
Availability Impact : HIGH
Exploitability : 3.9
Impact Score : 6.0

V3.0

V2.0

References

https://patchstack.com/database/wordpress/plugin/reformer-elementor/vulnerability/wordpress-reformer-for-elementor-1-0-5-arbitrary-file-upload-vulnerability?_s_id=cve

Vendor Product