Aeropage Sync For Airtable vulnerabilities
2 known vulnerabilities affecting aeropage/aeropage_sync_for_airtable.
Total CVEs
2
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
HIGH1MEDIUM1
Vulnerabilities
Page 1 of 1
CVE-2025-3914P2HIGHCVSS 8.8fixed in 3.3.0≤ 3.2.02025-04-26
CVE-2025-3914 [HIGH] CWE-434 CVE-2025-3914: The Aeropage Sync for Airtable plugin for WordPress is vulnerable to arbitrary file uploads due to m
The Aeropage Sync for Airtable plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'aeropage_media_downloader' function in all versions up to, and including, 3.2.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site
nvd
CVE-2025-3915P4MEDIUMCVSS 4.3fixed in 3.3.0≤ 3.2.02025-04-26
CVE-2025-3915 [MEDIUM] CWE-862 CVE-2025-3915: The Aeropage Sync for Airtable plugin for WordPress is vulnerable to unauthorized loss of data due t
The Aeropage Sync for Airtable plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'aeropageDeletePost' function in all versions up to, and including, 3.2.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary posts.
nvd