What the vulnerability does
01Description
Unrestricted Upload of File with Dangerous Type vulnerability in Brian Batt - elearningfreak.com Insert or Embed Articulate Content into WordPress insert-or-embed-articulate-content-into-wordpress allows Upload a Web Shell to a Web Server.This issue affects Insert or Embed Articulate Content into WordPress: from n/a through <= 4.3000000025.
Explanation of Vulnerability in Simple Terms
02Summary
The Insert or Embed Articulate Content plugin for WordPress contains an unrestricted file upload vulnerability affecting versions up to 4.3. An authenticated administrator can upload arbitrary files to the server, potentially including PHP scripts or other executable code. This allows an attacker with admin privileges to run their own code on the site and compromise the entire WordPress installation.
What an attacker can do
03Attacker Capabilities
Upload arbitrary files, including executable code, to the server and run them.
Potential impact on your site
04Site Impact
A compromised admin account can lead to full site takeover, data theft, and malware installation.
Conditions required to exploit
05Prerequisites
Attacker must have WordPress administrator privileges.
Key dates
06Disclosure timeline
April 10, 2025
CVE published
April 28, 2026
Record updated