CVE-2025-15546
N/A PoC AVAILABLEThe Iptanus File Upload WordPress plugin before 5.1.7 does not implement proper file handling when the duplicatepolicy setting is configured to "maintain both." Due to a Time-of-Check to Time-of-Use (TOCTOU) race condition between the file existence check and the actual file write operation, an authenticated attacker can overwrite files uploaded by other users.
EXPLOIT AVAILABLE
Public exploit or PoC code exists. Modeled probability is still low, but the barrier to attack is reduced — watch closely.
Exploitation likelihood
0.2%chance of exploitation in 30 days · 5th percentile
○ In CISA KEV
● Public exploit / PoC
Impact if exploited
—CVSS · not scored
- No impact metrics
Proof of concept & exploit code
Listed for defensive triage and patch prioritization.
Weakness (CWE)
Not classified.
CVSS vector
Not yet scored.