CVE-2025-6085

HIGH

Make Connector <1.5.10 - File Upload

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2025-6085. PoCs published by d0n601.

AI-analyzed exploit summary: This PoC demonstrates an authenticated arbitrary file upload vulnerability in the Make Connector WordPress plugin (CVE-2025-6085), allowing admin users to upload malicious PHP files and achieve remote code execution. The exploit leverages a flaw where file uploads are processed before MIME type validation.

Description

The Make Connector plugin for WordPress is vulnerable to arbitrary file uploads due to misconfigured file type validation in the 'upload_media' function in all versions up to, and including, 1.5.10. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

Exploits (1)

nomisec · WORKING POC · 1 star
by d0n601 · poc
https://github.com/d0n601/CVE-2025-6085

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: Make Connector WordPress plugin <= 1.5.10
Auth required
Prerequisites: Admin or higher privileges on the WordPress site · Valid API key from the Make Connector plugin
devstral-2 · analyzed Feb 16, 2026

Scores

CVSS v3 7.2
EPSS 0.0116
EPSS Percentile 62.9%
Attack Vector NETWORK
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation poc
Automatable no
Technical Impact total

Details

CWE CWE-434
Status published
Products (2)
celonis/make_connector < 1.5.10
integromat/Make Connector < 1.5.10
Published Sep 04, 2025
Tracked Since Feb 18, 2026