← All CVEs

CVE-2025-15546

N/A PoC AVAILABLE

Published 2026-06-14 · Last modified 2026-06-14

The Iptanus File Upload WordPress plugin before 5.1.7 does not implement proper file handling when the duplicatepolicy setting is configured to "maintain both." Due to a Time-of-Check to Time-of-Use (TOCTOU) race condition between the file existence check and the actual file write operation, an authenticated attacker can overwrite files uploaded by other users.

EXPLOIT AVAILABLE

Public exploit or PoC code exists. Modeled probability is still low, but the barrier to attack is reduced — watch closely.

Exploitation likelihood

0.2%chance of exploitation in 30 days · 5th percentile

○ In CISA KEV ● Public exploit / PoC

Impact if exploited

CVSS · not scored

  • No impact metrics

Proof of concept & exploit code

Listed for defensive triage and patch prioritization.

Affected

Vendors Unknown

Products Iptanus File Upload

Weakness (CWE)

Not classified.

CVSS vector

Not yet scored.

References

Exploits & PoC

Sources: NVD · CVE.org · EPSS