CVE-2019-25295

medium

Description

The WP Cost Estimation plugin for WordPress is vulnerable to Upload Directory Traversal in versions before 9.660 via the uploadFormFiles function. This allows attackers to overwrite any file with a whitelisted type on an affected site.

References

https://www.wordfence.com/threat-intel/vulnerabilities/id/65a9e877-e870-4e36-985d-c0629abe3f78?source=cve

https://www.wordfence.com/blog/2019/02/vulnerabilities-patched-in-wp-cost-estimation-plugin/

https://codecanyon.net/item/wp-cost-estimation-payment-forms-builder/7818230

Details

Source: Mitre, NVD

Published: 2026-01-08

Updated: 2026-04-15

Risk Information

CVSS v2

Base Score: 6.4

Vector: CVSS2#AV:N/AC:L/Au:N/C:N/I:P/A:P

Severity: Medium

CVSS v3

Base Score: 6.5

Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:N/I:L/A:L