CVE-2025-7441

CRITICAL EXPLOITED

StoryChief <= 1.0.42 - Unauthenticated Arbitrary File Upload via Webhook REST-API Endpoint

Title source: llm

Exploitation Summary

CVE-2025-7441 has been observed exploited in the wild (reported by VulnCheck KEV). EIP tracks 6 public exploits from researchers including xpl0dec, AnotherSec and Boshe99, as well as a Metasploit module, exploits/multi/http/wp_plugin_story_chef_file_upload.

AI-analyzed exploit summary: This exploit leverages an arbitrary file upload vulnerability in the StoryChief WordPress plugin (CVE-2025-7441) by crafting a malicious JSON payload with a forged HMAC signature to upload a PHP backdoor via the plugin's webhook endpoint. The backdoor is then accessible in the WordPress uploads directory.

Description

The StoryChief plugin for WordPress is vulnerable to arbitrary file uploads in all versions up to, and including, 1.0.42. This vulnerability occurs through the /wp-json/storychief/webhook REST-API endpoint that does not have sufficient filetype validation. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.

Exploits (6)

exploitdb WORKING POC
by xpl0dec · python · webapps · multiple
https://www.exploit-db.com/exploits/52422

This exploit leverages an arbitrary file upload vulnerability in the StoryChief WordPress plugin (CVE-2025-7441) by crafting a malicious JSON payload with a forged HMAC signature to upload a PHP backdoor via the plugin's webhook endpoint. The backdoor is then accessible in the WordPress uploads directory.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: StoryChief WordPress Plugin <= 1.0.42
No auth needed
Prerequisites: Target WordPress site with vulnerable StoryChief plugin · Access to a remote server to host the backdoor file
devstral-2 · analyzed Feb 16, 2026

nomisec WORKING POC 2 stars
by AnotherSec · poc
https://github.com/AnotherSec/CVE-2025-7441

This repository contains a functional Python exploit for CVE-2025-7441, an unauthenticated arbitrary file upload vulnerability in the StoryChief WordPress plugin. The exploit crafts a malicious JSON payload to trigger server-side file fetching and persistence in the WordPress uploads directory.

Classification: Working PoC 95%
Attack Type: Other
Complexity: Moderate
Reliability: Reliable
Target: StoryChief WordPress plugin 1.0.42
No auth needed
Prerequisites: Target must have the vulnerable StoryChief plugin installed · Network access to the target WordPress site
devstral-2 · analyzed Feb 19, 2026

github WORKING POC
by Boshe99 · python · poc
https://github.com/Boshe99/CVE-Exploits/tree/main/CVE-2025-7441

The repository contains functional exploit code for CVE-2025-7441, targeting an arbitrary file upload vulnerability in the WordPress Plugin 3DPrint Lite 1.9.1.4. The exploit demonstrates the ability to upload a malicious file to a vulnerable target.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Trivial
Reliability: Reliable
Target: WordPress Plugin 3DPrint Lite 1.9.1.4
No auth needed
Prerequisites: Vulnerable WordPress site with 3DPrint Lite plugin installed
devstral-2 · analyzed Feb 27, 2026

github WORKING POC
by Nxploited · python · remote
https://github.com/Nxploited/CVE-2025-7441

This repository contains a functional Python exploit for CVE-2025-7441, targeting a WordPress webhook vulnerability. The exploit crafts a malicious payload to include a remote shell via the 'featured_image' field and sends it to the vulnerable endpoint.

Classification: Working PoC 95%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: WordPress (specific version not specified)
No auth needed
Prerequisites: Target URL with vulnerable WordPress installation · Accessible remote shell/image URL
devstral-2 · analyzed Feb 19, 2026

vulncheck_xdb WORKING POC
remote
https://github.com/Pwdnx1337/CVE-2025-7441

This repository contains a functional Python exploit for CVE-2025-7441, an unauthenticated arbitrary file upload vulnerability in the StoryChief WordPress plugin. The exploit crafts a malicious JSON payload with a remote file URL, computes an HMAC signature, and sends it to the vulnerable endpoint to trigger server-side file retrieval and storage.

Classification: Working PoC 95%
Attack Type: Other
Complexity: Moderate
Reliability: Reliable
Target: StoryChief WordPress plugin 1.0.42
No auth needed
Prerequisites: Target must have the vulnerable StoryChief plugin installed · Target must be reachable via HTTP/HTTPS
devstral-2 · analyzed Feb 25, 2026

metasploit WORKING POC EXCELLENT
by xpl0dec, Nayera · ruby · poc
https://github.com/rapid7/metasploit-framework/blob/master/modules/exploits/multi/http/wp_plugin_story_chef_file_upload.rb

This Metasploit module exploits an unauthenticated arbitrary file upload vulnerability in the StoryChief WordPress plugin (CVE-2025-7441). It leverages a forged HMAC due to an empty secret, allowing attackers to upload and execute malicious PHP code via the webhook endpoint.

Classification: Working PoC 100%
Attack Type: RCE
Complexity: Moderate
Reliability: Reliable
Target: WordPress StoryChief Plugin <= 1.0.42
No auth needed
Prerequisites: Target running vulnerable StoryChief plugin · Network access to WordPress site
devstral-2 · analyzed Feb 19, 2026

Scores

CVSS v3: 9.8
EPSS: 0.8332
EPSS Percentile: 99.3%
Attack Vector: NETWORK
CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CISA SSVC

Vulnrichment
Exploitation: none
Automatable: yes
Technical Impact: total

Details

VulnCheck KEV: 2025-08-15
CWE: CWE-434
Status: published
Products (1): storychief/StoryChief < 1.0.42
Published: Aug 16, 2025
Tracked Since: Feb 18, 2026