The vulnerability identified as CVE-2025-14632 affects the Filr – Secure document library plugin for WordPress, developed by wpchill. This plugin allows users to manage and share documents securely within WordPress sites. The issue lies in the FILR_Uploader class, which fails to enforce adequate file type restrictions when handling uploaded files. As a result, authenticated users with Administrator-level permissions or higher can upload files with dangerous types, specifically malicious HTML files containing embedded JavaScript. When such a file is accessed by users authorized to create or edit posts of the 'filr' post type, the embedded JavaScript executes, leading to stored cross-site scripting (XSS). This can allow attackers to perform actions such as session hijacking, defacement, or unauthorized actions within the context of the victim’s browser session. The vulnerability requires high privileges to exploit, meaning only trusted users or compromised administrator accounts can leverage it. The CVSS 3.1 score is 4.4 (medium), reflecting the limited attack surface and the requirement for elevated privileges. No patches or known exploits are currently available, but the vulnerability poses a risk to the confidentiality and integrity of affected WordPress sites. The scope is limited to sites using this specific plugin and versions up to 1.2.11.

The primary impact of this vulnerability is on the confidentiality and integrity of affected WordPress sites. Attackers with administrator-level access can upload malicious HTML files that execute JavaScript in the context of other users with 'filr' post type permissions, potentially leading to session hijacking, privilege escalation, or unauthorized actions. While availability is not directly impacted, the exploitation could facilitate further attacks that degrade service or compromise site integrity. Organizations relying on this plugin for secure document management risk data leakage, unauthorized data manipulation, and reputational damage if exploited. Since exploitation requires high privileges, the threat is mainly from insider threats or attackers who have already compromised administrator accounts. The lack of patches increases the window of exposure, especially for sites with multiple administrators or weak internal controls.

To mitigate this vulnerability, organizations should immediately restrict administrator-level access to trusted personnel only and audit existing administrator accounts for suspicious activity. Implement strict monitoring of file uploads within the Filr plugin, looking for unusual or unexpected file types, especially HTML files. Disable or limit the ability to upload files with executable content if possible. Employ web application firewalls (WAFs) with rules to detect and block stored XSS payloads targeting the plugin’s upload functionality. Regularly back up WordPress sites and maintain an incident response plan to quickly address potential compromises. Stay alert for official patches or updates from wpchill and apply them promptly once released. Additionally, consider isolating the plugin’s functionality or using alternative secure document management solutions until the vulnerability is resolved.