Beeteam368 Extensions vulnerabilities
3 known vulnerabilities affecting beeteam368/beeteam368_extensions.
Total CVEs
3
CISA KEV
0
Public exploits
0
Exploited in wild
0
Severity breakdown
CRITICAL1HIGH2
Vulnerabilities
Page 1 of 1
CVE-2025-25174P2CRITICALCVSS 10.0≤ 1.9.42025-08-14
CVE-2025-25174 [CRITICAL] CWE-98 CVE-2025-25174: Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusio
Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion') vulnerability in beeteam368 BeeTeam368 Extensions beeteam368-extensions allows PHP Local File Inclusion.This issue affects BeeTeam368 Extensions: from n/a through <= 1.9.4.
nvd
CVE-2025-6423P2HIGHCVSS 8.8≤ 2.3.52025-07-12
CVE-2025-6423 [HIGH] CWE-434 CVE-2025-6423: The BeeTeam368 Extensions plugin for WordPress is vulnerable to arbitrary file uploads due to missin
The BeeTeam368 Extensions plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the handle_submit_upload_file() function in all versions up to, and including, 2.3.5. This makes it possible for authenticated attackers with Subscriber-level access or higher to upload arbitrary files on the affected site's serv
nvd
CVE-2025-6381P3HIGHCVSS 8.8≤ 2.3.42025-06-28
CVE-2025-6381 [HIGH] CWE-36 CVE-2025-6381: The BeeTeam368 Extensions plugin for WordPress is vulnerable to Directory Traversal in all versions
The BeeTeam368 Extensions plugin for WordPress is vulnerable to Directory Traversal in all versions up to, and including, 2.3.4 via the handle_remove_temp_file() function. This makes it possible for authenticated attackers, with Subscriber-level access and above, to perform actions on files outside of the originally intended directory. This vulnerability
nvd