CVE-2025-1093: AIHub <= 1.3.7 - Unauthenticated Arbitrary File Upload in generate_image
First published: Sat Apr 19 2025(Updated: )
The AIHub theme for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the generate_image function in all versions up to, and including, 1.3.7. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.
Credit: security@wordfence.com
| Affected Software | Affected Version | How to fix |
|---|---|---|
| AIHub AIHub theme | <=1.3.7 |
Never miss a vulnerability like this again
Sign up to SecAlerts for real-time vulnerability data matched to your software, aggregated from hundreds of sources.
Reference Links
Frequently Asked Questions
What is the severity of CVE-2025-1093?
CVE-2025-1093 has a high severity rating due to the potential for arbitrary file uploads by unauthenticated attackers.
How do I fix CVE-2025-1093?
To fix CVE-2025-1093, update the AIHub theme to version 1.3.8 or later, where the file validation issue has been resolved.
Who is affected by CVE-2025-1093?
All users of the AIHub theme for WordPress on versions up to and including 1.3.7 are affected by CVE-2025-1093.
What can attackers do with CVE-2025-1093?
With CVE-2025-1093, attackers can upload arbitrary files to the affected site, which can lead to further exploitation or data breaches.
When was CVE-2025-1093 reported?
CVE-2025-1093 was reported in 2025, highlighting a significant security vulnerability in the AIHub theme.
- collector/mitre-cve
- source/MITRE
- agent/weakness
- agent/title
- agent/references
- agent/type
- agent/description
- agent/first-publish-date
- agent/guess-ai
- agent/software-canonical-lookup
- agent/software-canonical-lookup-request
- agent/softwarecombine
- collector/nvd-api
- source/NVD
- agent/severity
- agent/last-modified-date
- agent/author
- agent/source
- agent/tags
- agent/event
- vendor/aihub
- canonical/aihub aihub theme