Ajar in5 Embed <3.1.5: Unrestricted Upload Allows Web Shell
CVE-2025-47642 Published on May 23, 2025
WordPress Ajar in5 Embed plugin <= 3.1.5 - Arbitrary File Upload Vulnerability
Unrestricted Upload of File with Dangerous Type vulnerability in Ajar Productions Ajar in5 Embed allows Upload a Web Shell to a Web Server. This issue affects Ajar in5 Embed: from n/a through 3.1.5.
Vulnerability Analysis
CVE-2025-47642 is exploitable with network access, and does not require authorization privileges or user interaction. This vulnerability is considered to have a low attack complexity. The potential impact of an exploit of this vulnerability is considered to be critical as this vulnerability has a high impact to the confidentiality, integrity and availability of this component.
Weakness Type
What is an Unrestricted File Upload Vulnerability?
The software allows the attacker to upload or transfer files of dangerous types that can be automatically processed within the product's environment.
CVE-2025-47642 has been classified to as an Unrestricted File Upload vulnerability or weakness.
Affected Versions
Ajar Productions Ajar in5 Embed (WordPress Plugin ajar-productions-in5-embed):- Before and including 3.1.5 is affected.
Exploit Probability
EPSS (Exploit Prediction Scoring System) scores estimate the probability that a vulnerability will be exploited in the wild within the next 30 days. The percentile shows you how this score compares to all other vulnerabilities.