CVE-2025-54693: 
WordPress vulnerability analysis and mitigation

The vulnerability (CVE-2025-54693) is an Unrestricted Upload of File with Dangerous Type vulnerability affecting the epiphyt Form Block WordPress plugin through version 1.5.5. The vulnerability was disclosed on August 14, 2025, and allows attackers to upload a web shell to a web server (NVD, Patchstack).

The vulnerability has been assigned a CVSS v3.1 Base Score of 9.0 (CRITICAL) with the following vector: CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:C/C:H/I:H/A:H. The vulnerability is classified as CWE-434 (Unrestricted Upload of File with Dangerous Type) and requires no authentication or user interaction to exploit (NVD).

This vulnerability is considered highly dangerous and expected to become mass exploited. It allows malicious actors to upload any type of file to the affected website, including backdoors which can be executed to gain further access to the website (Patchstack).

The vulnerability has been fixed in version 1.5.6 of the Form Block plugin. Users are advised to update to version 1.5.6 or later immediately. Patchstack has issued a virtual patch to mitigate this issue by blocking any attacks until users update to a fixed version (Patchstack).