CVE-2025-13322

Summary

The WP AUDIO GALLERY plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in all versions up to, and including, 2.0. This is due to the wpag_uploadaudio_callback() AJAX handler not properly validating user-supplied file paths in the audio_upload parameter before passing them to unlink(). This makes it possible for authenticated attackers, with subscriber-level access and above, to delete arbitrary files on the server, which can easily lead to remote code execution when critical files like wp-config.php are deleted.

Affected Software

VendorProductVersion RangeStatus
husainali52WP AUDIO GALLERY0 <= 2.0affected

Weaknesses

  • CWE-73: CWE-73 External Control of File Name or Path

ADP Enrichment

CISA ADP Vulnrichment

  • SSVC:
  • Exploitation: none
    • Automatable: no
    • Technical Impact: partial

References