{"data":{"id":"f9b3323a-32b6-4f29-bcf2-0aca1b0af32b","title":"CVE-2025-13374: The Kalrav AI Agent plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation","summary":"The Kalrav AI Agent plugin for WordPress (versions up to 2.3.3) does not validate the type of files submitted through its file upload feature. As a result, unauthenticated attackers can upload arbitrary files, including malicious ones, to the server, potentially leading to RCE (remote code execution, where an attacker can run commands on a system they don't own).","solution":"N/A -- no mitigation discussed in source.","labels":["security"],"sourceUrl":"https://nvd.nist.gov/vuln/detail/CVE-2025-13374","publishedAt":"2026-01-24T08:16:05.173Z","cveId":"CVE-2025-13374","cweIds":["CWE-434"],"cvssScore":"9.8","cvssSeverity":"critical","severity":"critical","attackType":["supply_chain"],"issueType":"vulnerability","affectedPackages":null,"affectedVendors":[],"affectedVendorsRaw":["Kalrav AI Agent"],"classifierModel":"claude-haiku-4-5-20251001","classifierPromptVersion":"v3","cvssVector":null,"attackVector":null,"attackComplexity":null,"privilegesRequired":null,"userInteraction":null,"exploitMaturity":"unknown","epssScore":0.00085,"patchAvailable":null,"disclosureDate":null,"capecIds":["CAPEC-1"],"crossRefCount":0,"attackSophistication":"trivial","impactType":["integrity","availability"],"aiComponentTargeted":"plugin","llmSpecific":false,"classifierConfidence":0.92,"researchCategory":null,"atlasIds":null}}