Severity
High
Analysis Summary
CVE-2025-49071 CVSS:10
Unrestricted Upload of File with Dangerous Type vulnerability in NasaTheme Flozen allows Upload a Web Shell to a Web Server. This issue affects Flozen: from n/a through n/a.
CVE-2025-49451 CVSS:7.5
Path Traversal vulnerability in Yannisraft Aeroscroll Gallery – Infinite Scroll Image Gallery and Post Grid with Photo Gallery allows Path Traversal. This issue affects Aeroscroll Gallery – Infinite Scroll Image Gallery & Post Grid with Photo Gallery: from n/a through 1.0.1
Impact
- Gain Access
Indicators of Compromise
CVE
CVE-2025-49071
CVE-2025-49451
Affected Vendors
- WordPress
Affected Products
- NasaTheme Flozen affected from n/a before 1.5.1
- yannisraft Aeroscroll Gallery – Infinite Scroll Image Gallery and Post Grid with Photo Gallery affected from n/a through 1.0.12
Remediation
Update the WordPress plugin to the latest available version.