NVD CRITICAL: CVE-2018-25335 — WordPress Plugin Peugeot Music 1.0 contains an arbitrary file upload vulnerabili...

Sunday, May 17, 2026 at 01:16 PM UTC·Source: NIST NVD

Updated: Sunday, May 17, 2026 at 02:00 PM UTC

Executive Summary

WordPress Plugin Peugeot Music 1.0 contains an arbitrary file upload vulnerability that allows unauthenticated attackers to upload malicious files by sending POST requests to the upload.php endpoint. Attackers can upload files with arbitrary extensions by manipulating the 'name' parameter to execute code from the uploads directory.

Analysis

Indicators of Compromise (1)

CVE (1)

CVE-2018-25335

NVD MITRE CVE

Source Attribution

Originally published by NIST NVD on May 17, 2026. Verified by: NIST.

Related Threats

MEDIUMVulnerabilityNEW

Nationwide gives abuse survivors the power to block harmful payment messages

Nationwide has released a new in-app features that gives abuse survivors the power to block harmful payment messages.

Just nowFinextra

MEDIUMVulnerabilityNEW

State Employees’ Credit Union signs with Corelation

State Employees’ Credit Union (SECU) has signed with credit union core processor Corelation, Inc., announcing plans to convert to the KeyStone core. Based in Raleigh, North Carolina, SECU is the second largest credit union in the United States with over $59 billion in assets, serving more than 2.9 million members.

9m agoFinextra

MEDIUMVulnerabilityNEW

OMS appoints Simon Tippett as head of delivery

One Mortgage System (OMS), the CRM and loan origination platform for intermediaries and lenders, has announced the appointment of Simon Tippett as Head of Delivery as the business continues to strengthen its technical and operational capabilities during its next phase of growth.

11m agoFinextra