CVE-2025-13543

HIGH

PostGallery plugin <1.12.5 - File Upload

Title source: llm

Exploitation Summary

EIP tracks 2 public exploits for CVE-2025-13543. PoCs published by Sudo-WP, MooseLoveti.

AI-analyzed exploit summary This repository is a security-hardened fork of the abandoned PostGallery WordPress plugin, addressing CVE-2025-13543 (arbitrary file upload vulnerability). It includes patches for file type validation, access control, and input sanitization.

Description

The PostGallery plugin for WordPress is vulnerable to arbitrary file uploads due to incorrect file type validation in the 'PostGalleryUploader' class functions in all versions up to, and including, 1.12.5. This makes it possible for authenticated attackers, with subscriber-level and above permissions, to upload arbitrary files on the affected site's server which may make remote code execution possible.

Exploits (2)

nomisec WRITEUP 1 stars

by Sudo-WP · poc

https://github.com/Sudo-WP/sudowp-postgallery

View Code ZIP pw:eip

This repository is a security-hardened fork of the abandoned PostGallery WordPress plugin, addressing CVE-2025-13543 (arbitrary file upload vulnerability). It includes patches for file type validation, access control, and input sanitization.

Classification

Writeup 90%

Attack Type

Other

Complexity

Moderate

Reliability

Reliable

Target: PostGallery WordPress plugin (versions prior to security fork)

No auth needed

Prerequisites: WordPress installation with vulnerable PostGallery plugin

devstral-2 · analyzed Feb 16, 2026 Full analysis →

nomisec WRITEUP

by MooseLoveti · poc

https://github.com/MooseLoveti/PostGallery-CVE-Report

View Code ZIP pw:eip

This repository provides a detailed writeup for CVE-2025-13543, an authenticated arbitrary file upload vulnerability in the PostGallery WordPress plugin (versions <= 1.12.5). The vulnerability allows low-privileged users (e.g., Subscribers) to upload arbitrary PHP files via directory traversal, leading to remote code execution.

Classification

Writeup 100%

Attack Type

Rce

Complexity

Trivial

Reliability

Reliable

Target: PostGallery WordPress plugin <= 1.12.5

Auth required

Prerequisites: Authenticated access to a WordPress site with PostGallery plugin installed · Low-privileged user role (e.g., Subscriber)

MITRE ATT&CK

T1105 - Ingress Tool Transfer T1204 - User Execution T1505 - Server Software Component

devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (2)

Core 2

Core References

Product

https://plugins.trac.wordpress.org/browser/postgallery/tags/1.12.5/admin/PostGalleryUploader.php

Third Party Advisory

https://www.wordfence.com/threat-intel/vulnerabilities/id/13348eb5-5001-4ec4-bc6a-44795bbed203?source=cve

Scores

CVSS v3 8.8

EPSS 0.0068

EPSS Percentile 47.4%

Attack Vector NETWORK

CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment

Exploitation none

Automatable no

Technical Impact total

Details

CWE

CWE-434

Status published

Products (1)

rtowebsites/PostGallery < 1.12.5

Published Dec 04, 2025

Tracked Since Feb 18, 2026