CVE-2025-5058: CWE-434 Unrestricted Upload of File with Dangerous Type in emagicone eMagicOne Store Manager for WooCommerce
The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the set_image() function in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. This is only exploitable by unauthenticated attackers in default configurations where the the default password is left as 1:1, or where the attacker gains access to the credentials.
AI Analysis
Technical Summary
CVE-2025-5058 is a critical file upload vulnerability in the eMagicOne Store Manager for WooCommerce plugin for WordPress, present in all versions up to 1.2.5. The vulnerability arises from missing validation of uploaded file types in the set_image() function, enabling unauthenticated attackers to upload arbitrary files. However, exploitation requires the attacker to either leverage the default weak password (1:1) or obtain valid credentials. This flaw can potentially allow remote code execution on the affected server. The vulnerability has a CVSS 3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). No patch or official fix has been disclosed by the vendor as of the publication date.
Potential Impact
If exploited, this vulnerability allows unauthenticated attackers with default or compromised credentials to upload arbitrary files to the server hosting the plugin. This can lead to remote code execution, compromising the confidentiality, integrity, and availability of the affected system. The impact is critical due to the potential for full system compromise. However, exploitation is limited to environments where default credentials remain unchanged or credentials are otherwise obtained by the attacker.
Mitigation Recommendations
As no official patch or fix is currently available, users should immediately change any default passwords from '1:1' to strong, unique credentials to prevent unauthorized access. Restrict access to the plugin's management interface and monitor for any suspicious file uploads. Check the vendor's advisory regularly for updates or official patches and apply them promptly once released.
CVE-2025-5058: CWE-434 Unrestricted Upload of File with Dangerous Type in emagicone eMagicOne Store Manager for WooCommerce
Description
The eMagicOne Store Manager for WooCommerce plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the set_image() function in all versions up to, and including, 1.2.5. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible. This is only exploitable by unauthenticated attackers in default configurations where the the default password is left as 1:1, or where the attacker gains access to the credentials.
AI-Powered Analysis
Machine-generated threat intelligence
Technical Analysis
CVE-2025-5058 is a critical file upload vulnerability in the eMagicOne Store Manager for WooCommerce plugin for WordPress, present in all versions up to 1.2.5. The vulnerability arises from missing validation of uploaded file types in the set_image() function, enabling unauthenticated attackers to upload arbitrary files. However, exploitation requires the attacker to either leverage the default weak password (1:1) or obtain valid credentials. This flaw can potentially allow remote code execution on the affected server. The vulnerability has a CVSS 3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). No patch or official fix has been disclosed by the vendor as of the publication date.
Potential Impact
If exploited, this vulnerability allows unauthenticated attackers with default or compromised credentials to upload arbitrary files to the server hosting the plugin. This can lead to remote code execution, compromising the confidentiality, integrity, and availability of the affected system. The impact is critical due to the potential for full system compromise. However, exploitation is limited to environments where default credentials remain unchanged or credentials are otherwise obtained by the attacker.
Mitigation Recommendations
As no official patch or fix is currently available, users should immediately change any default passwords from '1:1' to strong, unique credentials to prevent unauthorized access. Restrict access to the plugin's management interface and monitor for any suspicious file uploads. Check the vendor's advisory regularly for updates or official patches and apply them promptly once released.
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Wordfence
- Date Reserved
- 2025-05-21T14:42:07.720Z
- Cisa Enriched
- false
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 683142850acd01a249277dc4
Added to database: 5/24/2025, 3:52:37 AM
Last enriched: 4/9/2026, 5:31:32 PM
Last updated: 5/10/2026, 11:42:24 PM
Views: 77
Community Reviews
0 reviewsCrowdsource mitigation strategies, share intel context, and vote on the most helpful responses. Sign in to add your voice and help keep defenders ahead.
Want to contribute mitigation steps or threat intel context? Sign in or create an account to join the community discussion.
Actions
Updates to AI analysis require Pro Console access. Upgrade inside Console → Billing.
Need more coverage?
Upgrade to Pro Console for AI refresh and higher limits.
For incident response and remediation, OffSeq services can help resolve threats faster.
Latest Threats
Check if your credentials are on the dark web
Instant breach scanning across billions of leaked records. Free tier available.