Logo
-

Byte Open Security

(ByteOS Network)

Log In

Sign Up

ByteOS

Security
Vulnerability Details
Registries
Custom Views
Weaknesses
Attack Patterns
Filters & Tools
NVD Vulnerability Details :
CVE-2025-6085
Analyzed
More InfoOfficial Page
Source-security@wordfence.com
View Known Exploited Vulnerability (KEV) details
Published At-04 Sep, 2025 | 10:42
Updated At-22 Dec, 2025 | 20:10

The Make Connector plugin for WordPress is vulnerable to arbitrary file uploads due to misconfigured file type validation in the 'upload_media' function in all versions up to, and including, 1.5.10. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

CISA Catalog
Date AddedDue DateVulnerability NameRequired Action
N/A
Date Added: N/A
Due Date: N/A
Vulnerability Name: N/A
Required Action: N/A
Metrics
TypeVersionBase scoreBase severityVector
Secondary3.17.2HIGH
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
Type: Secondary
Version: 3.1
Base score: 7.2
Base severity: HIGH
Vector:
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H
CPE Matches
celonis
celonis
>>make_connector>>Versions up to 1.5.10(inclusive)
cpe:2.3:a:celonis:make_connector:*:*:*:*:*:wordpress:*:*
Weaknesses
CWE IDTypeSource
CWE-434Secondarysecurity@wordfence.com
CWE ID: CWE-434
Type: Secondary
Source: security@wordfence.com
Evaluator Description
Evaluator Impact

Evaluator Solution

Vendor Statements
References
HyperlinkSourceResource
https://github.com/d0n601/CVE-2025-6085security@wordfence.com
Exploit
https://plugins.trac.wordpress.org/browser/integromat-connector/trunk/class/class-rest-request.php#L24security@wordfence.com
Product
https://plugins.trac.wordpress.org/browser/integromat-connector/trunk/class/class-rest-request.php#L74security@wordfence.com
Product
https://plugins.trac.wordpress.org/browser/integromat-connector/trunk/class/class-rest-request.php#L90-95security@wordfence.com
Product
https://ryankozak.com/posts/cve-2025-6085/security@wordfence.com
Exploit
https://www.wordfence.com/threat-intel/vulnerabilities/id/c53c322a-b197-4ece-ae4a-a3a86a009e4d?source=cvesecurity@wordfence.com
Third Party Advisory
https://github.com/d0n601/CVE-2025-6085134c704f-9b21-4f2e-91b3-4a467353bcc0
Exploit
https://ryankozak.com/posts/cve-2025-6085/134c704f-9b21-4f2e-91b3-4a467353bcc0
Exploit
Hyperlink: https://github.com/d0n601/CVE-2025-6085
Source: security@wordfence.com
Resource:
Exploit
Hyperlink: https://plugins.trac.wordpress.org/browser/integromat-connector/trunk/class/class-rest-request.php#L24
Source: security@wordfence.com
Resource:
Product
Hyperlink: https://plugins.trac.wordpress.org/browser/integromat-connector/trunk/class/class-rest-request.php#L74
Source: security@wordfence.com
Resource:
Product
Hyperlink: https://plugins.trac.wordpress.org/browser/integromat-connector/trunk/class/class-rest-request.php#L90-95
Source: security@wordfence.com
Resource:
Product
Hyperlink: https://ryankozak.com/posts/cve-2025-6085/
Source: security@wordfence.com
Resource:
Exploit
Hyperlink: https://www.wordfence.com/threat-intel/vulnerabilities/id/c53c322a-b197-4ece-ae4a-a3a86a009e4d?source=cve
Source: security@wordfence.com
Resource:
Third Party Advisory
Hyperlink: https://github.com/d0n601/CVE-2025-6085
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Resource:
Exploit
Hyperlink: https://ryankozak.com/posts/cve-2025-6085/
Source: 134c704f-9b21-4f2e-91b3-4a467353bcc0
Resource:
Exploit
Change History
0Changes found
Details not found