[{"data":1,"prerenderedAt":-1},["ShallowReactive",2],{"repo-stars":3,"vuln-CVE-2018-25335":6},{"stargazers_count":4,"fetched_at":5},6,"2026-05-18T03:40:42.488Z",{"id":7,"descriptions":8,"cisa":9,"weaknesses":10,"exploits":40,"aliases":55,"duplicate_of":9,"upstream":56,"downstream":57,"duplicates":58,"related":59,"reserved_at":9,"published_at":60,"modified_at":60,"state":61,"summary":62,"references_raw":68,"kevs":79,"epss":9,"epss_history":80,"metrics":81,"affected":93},"CVE-2018-25335","WordPress Plugin Peugeot Music 1.0 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to the upload.php endpoint. Attackers can upload files with arbitrary extensions by manipulating the 'name' parameter to execute code from the uploads directory.",null,[11],{"_key":12,"id":12,"name":13,"description":14,"type":15,"status":16,"abstraction":17,"likelihood_of_exploit":18,"capec":19},"CWE-306","Missing Authentication for Critical Function","The product does not perform any authentication for functionality that requires a provable user identity or consumes a significant amount of resources.","weakness","Draft","Base","High",[20,24,28,32,36],{"id":21,"name":22,"techniques":23},"CAPEC-12","Choosing Message Identifier",[],{"id":25,"name":26,"techniques":27},"CAPEC-166","Force the System to Reset Values",[],{"id":29,"name":30,"techniques":31},"CAPEC-216","Communication Channel Manipulation",[],{"id":33,"name":34,"techniques":35},"CAPEC-36","Using Unpublished Interfaces or Functionality",[],{"id":37,"name":38,"techniques":39},"CAPEC-62","Cross Site Request Forgery",[],[41],{"_key":42,"name":43,"source":44,"url":45,"maturity":46,"reliability_score":47,"verified":48,"type":9,"platforms":49,"requires_auth":9,"exploitdb":51,"metasploit":9},"44737","WordPress Plugin Peugeot Music - Arbitrary File Upload","exploit-database","https://www.exploit-db.com/exploits/44737","poc",0.5,false,[50],"php",{"verified":48,"type":52,"platform":50,"file":53,"codes":54},"webapps","exploits/php/webapps/44737.txt",[],[],[],[],[],[],"2026-05-17T12:11:39.373Z","Received",{"cisa_kev":48,"cisa_ransomware":48,"cisa_vendor":9,"epss_severity":9,"epss_score":9,"severity":63,"severity_score":64,"severity_version":65,"severity_source":66,"severity_vector":67,"severity_status":61},"critical",9.8,"v3.1","cve.org","CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H",[69,74],{"url":45,"sources":70,"tags":72},[66,71],"nvd",[73],"Exploit",{"url":75,"sources":76,"tags":77},"https://www.vulncheck.com/advisories/wordpress-plugin-peugeot-music-arbitrary-file-upload",[66,71],[78],"Third Party Advisory",[],[],[82,89],{"source":66,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":83,"cvss_v4_0":86},{"baseScore":64,"baseSeverity":84,"vectorString":67,"impactScore":64,"exploitabilityScore":85},"CRITICAL",10,{"baseScore":87,"baseSeverity":84,"vectorString":88,"impactScore":9,"exploitabilityScore":9},9.3,"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N",{"source":71,"cvss_v2_0":9,"cvss_v3_0":9,"cvss_v3_1":90,"cvss_v4_0":91},{"baseScore":64,"baseSeverity":84,"vectorString":67,"impactScore":64,"exploitabilityScore":85},{"baseScore":87,"baseSeverity":84,"vectorString":92,"impactScore":9,"exploitabilityScore":9},"CVSS:4.0/AV:N/AC:L/AT:N/PR:N/UI:N/VC:H/VI:H/VA:H/SC:N/SI:N/SA:N/E:X/CR:X/IR:X/AR:X/MAV:X/MAC:X/MAT:X/MPR:X/MUI:X/MVC:X/MVI:X/MVA:X/MSC:X/MSI:X/MSA:X/S:X/AU:X/R:X/V:X/RE:X/U:X",[94],{"ecosystem":9,"name":95,"vendor":96,"product":97,"cpe_part":98,"purl_type":9,"purl_namespace":9,"purl_name":9,"source":9,"versions":99},"Peugeot Music","peugeot-music-plugin","peugeot music","a",[100],{"version":101,"is_range":48,"range_type":66,"version_start":101,"version_start_type":102,"version_end":101,"version_end_type":102,"fixed_in":9},"1.0","including"]