CVE-2025-49329: Unrestricted Upload of File with Dangerous Type in Agile Logix Store Locator WordPress
Unrestricted Upload of File with Dangerous Type vulnerability in Agile Logix Store Locator WordPress agile-store-locator allows Upload a Web Shell to a Web Server.This issue affects Store Locator WordPress: from n/a through <= 1.5.2.
AI Analysis
Technical Summary
The Agile Logix Store Locator WordPress plugin versions up to 1.5.2 contain an unrestricted file upload vulnerability that allows an attacker with high privileges to upload files of dangerous types, such as web shells, to the web server. This can result in partial compromise of confidentiality, integrity, and availability of the affected system. The vulnerability is network exploitable with low attack complexity and does not require user interaction. The CVSS vector indicates that the attacker must have privileges (PR:H) but no user interaction is needed, and the vulnerability affects confidentiality, integrity, and availability to a limited extent.
Potential Impact
Successful exploitation could allow an attacker with high privileges to upload malicious files, such as web shells, to the server hosting the Store Locator plugin. This may lead to partial disclosure of information, modification of data, and disruption of service. The impact is rated medium with a CVSS score of 6.6, reflecting limited but significant risk.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict plugin usage to trusted administrators only and consider disabling file upload functionality if possible. Monitor for suspicious file uploads and remove the plugin if not required.
CVE-2025-49329: Unrestricted Upload of File with Dangerous Type in Agile Logix Store Locator WordPress
Description
Unrestricted Upload of File with Dangerous Type vulnerability in Agile Logix Store Locator WordPress agile-store-locator allows Upload a Web Shell to a Web Server.This issue affects Store Locator WordPress: from n/a through <= 1.5.2.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
The Agile Logix Store Locator WordPress plugin versions up to 1.5.2 contain an unrestricted file upload vulnerability that allows an attacker with high privileges to upload files of dangerous types, such as web shells, to the web server. This can result in partial compromise of confidentiality, integrity, and availability of the affected system. The vulnerability is network exploitable with low attack complexity and does not require user interaction. The CVSS vector indicates that the attacker must have privileges (PR:H) but no user interaction is needed, and the vulnerability affects confidentiality, integrity, and availability to a limited extent.
Potential Impact
Successful exploitation could allow an attacker with high privileges to upload malicious files, such as web shells, to the server hosting the Store Locator plugin. This may lead to partial disclosure of information, modification of data, and disruption of service. The impact is rated medium with a CVSS score of 6.6, reflecting limited but significant risk.
Mitigation Recommendations
Patch status is not yet confirmed — check the vendor advisory for current remediation guidance. Until an official fix is available, restrict plugin usage to trusted administrators only and consider disabling file upload functionality if possible. Monitor for suspicious file uploads and remove the plugin if not required.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Patchstack
- Date Reserved
- 2025-06-04T09:42:17.747Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 6842ede271f4d251b5c88183
Added to database: 6/6/2025, 1:32:18 PM
Last enriched: 5/1/2026, 3:25:38 PM
Last updated: 5/9/2026, 7:05:33 PM
Views: 83
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
External Links
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.