CVE-2025-47637: 
WordPress vulnerability analysis and mitigation

CVE-2025-47637 is an Unrestricted Upload of File with Dangerous Type vulnerability affecting STAGGS WordPress plugin versions through 2.11.0. The vulnerability was discovered and disclosed on May 16, 2025, allowing attackers to upload a web shell to a web server (Patchstack).

The vulnerability is classified as CWE-434 (Unrestricted Upload of File with Dangerous Type) with a CVSS v3.1 base score of 10.0 CRITICAL (Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:C/C:H/I:H/A:H). The vulnerability allows unauthenticated attackers to upload arbitrary files to the web server (Patchstack).

When exploited, this vulnerability enables attackers to upload any type of file to the affected website, including backdoors which can be executed to gain further access to the website. Given its CVSS score of 10.0, this vulnerability is considered highly dangerous and is expected to become mass exploited (Patchstack).

Users are advised to update to STAGGS version 2.12.0 or later which contains the fix for this vulnerability. For immediate protection, Patchstack has issued a virtual patch to mitigate this issue by blocking any attacks until users can update to a fixed version (Patchstack).