CVE-2025-6085
📋 TL;DR
The Make Connector WordPress plugin (slug integromat-connector) lets authenticated attackers who hold Administrator privileges upload arbitrary files, because the plugin's media upload endpoint does not properly validate file types. On an affected site this can be turned into remote code execution. All versions up to and including 1.5.10 are vulnerable.
💻 Affected Systems
- Make Connector WordPress plugin
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Full server compromise via remote code execution, allowing attackers to install backdoors, steal data, or pivot to other systems.
Likely Case
Attackers upload web shells or malicious scripts to gain persistent access, deface websites, or deploy malware.
If Mitigated
Limited impact if the web server is configured not to execute scripts in the uploads directory, or a security plugin or WAF blocks the upload or its later execution.
🎯 Exploit Status
Exploitation requires Administrator credentials, so the practical risk is that a compromised or malicious admin account escalates to code execution on the server; public proof-of-concept code is available.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.5.11 or later
Vendor Advisory: https://plugins.trac.wordpress.org/browser/integromat-connector/
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find the 'Make Connector' plugin.
4. Click 'Update Now' if an update is available.
5. If no update is offered, manually download version 1.5.11 or later from WordPress.org and replace the plugin files.
🔧 Temporary Workarounds
Disable plugin
Temporarily deactivate the Make Connector plugin until patched.
wp plugin deactivate integromat-connector
Restrict file uploads via .htaccess
Block execution of uploaded files in the WordPress uploads directory. This applies to Apache only; nginx and other servers ignore .htaccess, and the equivalent rule has to go in the server configuration.
Add to .htaccess in wp-content/uploads:
<FilesMatch "\.(php|phtml|php3|php4|php5|php7|phps|php8|inc|pl|py|jsp|asp|htm|html|shtml|sh|cgi)">
Order allow,deny
Deny from all
</FilesMatch>
On Apache 2.4 without mod_access_compat, replace the Order and Deny lines with: Require all denied
Note that this stops the web server from serving or executing the files; it does not stop the upload itself. The pattern has no trailing $ anchor, so it also matches double extensions such as shell.php.jpg.
🧯 If You Can't Patch
- Review Administrator accounts and remove access from untrusted or unneeded users
- Implement web application firewall rules to block suspicious file uploads (non-media content or executable extensions sent to the plugin's REST endpoint)
🔍 How to Verify
Check if Vulnerable:
In the WordPress admin panel, open Plugins > Installed Plugins and check whether Make Connector is at version 1.5.10 or lower.
Check Version:
wp plugin get integromat-connector --field=version
Verify Fix Applied:
Confirm plugin version is 1.5.11 or higher in WordPress admin panel.
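The same version check, scripted for a fleet of installs. This is an added example for this page, not code from the vendor or the PoC; it shells out to WP-CLI's wp plugin get <slug> --field=version (with the --path global option) and compares the result against 1.5.11, the first fixed release. The install paths passed on the command line are assumptions for the demo; the version parser is exercised on constructed strings and does not need wp to be present.

```python
"""Fleet version check for CVE-2025-6085 (added example, not vendor code).
Assumes WP-CLI is on PATH on the host that runs it; parse/compare logic
works offline."""
import re
import subprocess
import sys

PLUGIN_SLUG = "integromat-connector"
FIXED_IN = "1.5.11"          # first release without the bug


def parse_version(v):
    """Turn '1.5.10' (or '1.5.11-beta1') into a tuple of ints.
    A pre-release suffix is ignored, so '1.5.11-beta1' counts as 1.5.11;
    tighten this if pre-releases of the fixed version must stay flagged."""
    core = re.match(r"\d+(\.\d+)*", v.strip())
    if not core:
        raise ValueError(f"unparseable version: {v!r}")
    return tuple(int(x) for x in core.group(0).split("."))


def is_vulnerable(installed, fixed_in=FIXED_IN):
    """True when installed < fixed_in. Shorter tuples are zero-padded so
    '1.5' compares as 1.5.0 and '1.6' as 1.6.0."""
    a, b = parse_version(installed), parse_version(fixed_in)
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)) < b + (0,) * (n - len(b))


def installed_version(wp_path, slug=PLUGIN_SLUG):
    """Ask WP-CLI for the plugin's version at wp_path.
    Returns None when wp is missing, times out, or the plugin is absent."""
    try:
        out = subprocess.run(
            ["wp", "--path=" + wp_path, "plugin", "get", slug, "--field=version"],
            capture_output=True, text=True, timeout=60, check=False,
        )
    except (FileNotFoundError, subprocess.TimeoutExpired):
        return None
    return out.stdout.strip() or None


def classify(version):
    """'absent' when no version could be read, else 'vulnerable' or 'fixed'."""
    if version is None:
        return "absent"
    return "vulnerable" if is_vulnerable(version) else "fixed"


def audit(wp_paths):
    """Map each WordPress install path to its state."""
    return {path: classify(installed_version(path)) for path in wp_paths}


if __name__ == "__main__":
    # Hypothetical default path; pass real install roots as arguments.
    for path, state in audit(sys.argv[1:] or ["/var/www/html"]).items():
        print(f"{path}: {state}")
```

Run it as a low-privileged user that can read the install; WP-CLI loads the site's PHP, so treat its output as untrusted if the site may already be compromised.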
📡 Detection & Monitoring
Log Indicators:
- Unusual file uploads to wp-content/uploads via REST API endpoints
- POST requests to /wp-json/integromat/v1/upload_media with non-media file extensions
Network Indicators:
- Multipart HTTP POST bodies carrying PHP or other executable content sent to the WordPress REST API
SIEM Query (pseudo-syntax; adapt field names to your platform):
source="wordpress.log" AND (uri_path="/wp-json/integromat/v1/upload_media" AND file_extension IN ("php", "phtml", "exe", "sh"))
Plain web server access logs record the request path but not the uploaded file name, so the file_extension field must come from a WAF or audit log that inspects request bodies, or from monitoring new files in wp-content/uploads. Sites without pretty permalinks expose the same route as /?rest_route=/integromat/v1/upload_media, which a path-only match will miss.
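The three detection signals above (POSTs to the upload route, executable files appearing under wp-content/uploads, and follow-up requests for them) as a small hunting script. This is an added example for this page, not code from the advisory, the plugin, or the PoC. It assumes combined-format access logs and the stock wp-content/uploads layout; the log lines and the files it scans are constructed for the demo. It goes slightly beyond the page's query by also matching the ?rest_route= form of the endpoint and double extensions such as shell.php.jpg.

```python
"""Hunting helpers for CVE-2025-6085 (added example, not vendor code).
Assumes combined-format access logs and a standard uploads tree; the
SAMPLE_LOG lines and build_demo_uploads() files are constructed."""
import re
import tempfile
from pathlib import Path
from urllib.parse import parse_qs, urlsplit

UPLOAD_ROUTE = "/integromat/v1/upload_media"       # REST route from the references
UPLOAD_ENDPOINT = "/wp-json" + UPLOAD_ROUTE        # pretty-permalink form

# Same list the .htaccess workaround blocks. The trailing (\.|$) lets the
# match sit before another extension, so shell.php.jpg is caught as well.
EXEC_EXT_RE = re.compile(
    r"\.(php|phtml|php3|php4|php5|php7|phps|php8|inc|pl|py|jsp|asp|htm|html|shtml|sh|cgi)(\.|$)",
    re.IGNORECASE,
)

# Combined log format: ip ident user [time] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)


def _is_upload_route(target):
    """True if the request target addresses the plugin's upload route, either
    as /wp-json/... or via ?rest_route=, which WordPress accepts without pretty permalinks."""
    parts = urlsplit(target)
    if parts.path == UPLOAD_ENDPOINT:
        return True
    return parts.path in ("/", "/index.php") and \
        parse_qs(parts.query).get("rest_route", [None])[0] == UPLOAD_ROUTE


def find_upload_requests(log_lines):
    """(ip, timestamp, status) for every POST that reached the upload route."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if m and m.group("method") == "POST" and _is_upload_route(m.group("target")):
            hits.append((m.group("ip"), m.group("ts"), int(m.group("status"))))
    return hits


def find_shell_fetches(log_lines):
    """(ip, path) for requests to executable-looking files under /wp-content/uploads/,
    i.e. the follow-up access to a dropped web shell."""
    hits = []
    for line in log_lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        path = urlsplit(m.group("target")).path
        if path.startswith("/wp-content/uploads/") and EXEC_EXT_RE.search(path.rsplit("/", 1)[-1]):
            hits.append((m.group("ip"), path))
    return hits


def find_executable_uploads(uploads_dir):
    """Walk an uploads tree and return relative paths whose name carries an executable extension."""
    root = Path(uploads_dir)
    return sorted(
        p.relative_to(root).as_posix()
        for p in root.rglob("*")
        if p.is_file() and EXEC_EXT_RE.search(p.name)
    )


# Constructed sample log: one attacker (203.0.113.7) uploads twice and fetches the shell.
SAMPLE_LOG = [
    '203.0.113.7 - - [10/Jan/2025:10:01:02 +0000] "POST /wp-json/integromat/v1/upload_media HTTP/1.1" 200 512 "-" "python-requests/2.31"',
    '203.0.113.7 - - [10/Jan/2025:10:01:05 +0000] "GET /wp-content/uploads/2025/01/shell.php?cmd=id HTTP/1.1" 200 128 "-" "python-requests/2.31"',
    '198.51.100.4 - - [10/Jan/2025:10:02:00 +0000] "GET /wp-json/wp/v2/posts HTTP/1.1" 200 2048 "-" "Mozilla/5.0"',
    '203.0.113.7 - - [10/Jan/2025:10:03:00 +0000] "POST /?rest_route=/integromat/v1/upload_media HTTP/1.1" 200 512 "-" "curl/8.0"',
    '198.51.100.4 - - [10/Jan/2025:10:04:00 +0000] "GET /wp-content/uploads/2025/01/photo.jpg HTTP/1.1" 200 9000 "-" "Mozilla/5.0"',
]


def build_demo_uploads():
    """Create a throwaway uploads tree mixing benign and suspicious (constructed) files."""
    root = Path(tempfile.mkdtemp(prefix="wp-uploads-"))
    for name in ("2025/01/photo.jpg", "2025/01/shell.php", "2025/01/avatar.php.jpg", "2025/01/notes.txt"):
        (root / name).parent.mkdir(parents=True, exist_ok=True)
        (root / name).write_text("demo")
    return root


if __name__ == "__main__":
    for ip, ts, status in find_upload_requests(SAMPLE_LOG):
        print(f"upload_media POST from {ip} at {ts} -> {status}")
    for ip, path in find_shell_fetches(SAMPLE_LOG):
        print(f"executable fetched from uploads by {ip}: {path}")
    print("suspicious files:", find_executable_uploads(build_demo_uploads()))
```

Point find_executable_uploads at the real wp-content/uploads and feed the real access log to the two log functions; a POST hit followed by a fetch from the same IP is the sequence to escalate on.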
🔗 References
- https://github.com/d0n601/CVE-2025-6085
- https://plugins.trac.wordpress.org/browser/integromat-connector/trunk/class/class-rest-request.php#L24
- https://plugins.trac.wordpress.org/browser/integromat-connector/trunk/class/class-rest-request.php#L74
- https://plugins.trac.wordpress.org/browser/integromat-connector/trunk/class/class-rest-request.php#L90-95
- https://ryankozak.com/posts/cve-2025-6085/
- https://www.wordfence.com/threat-intel/vulnerabilities/id/c53c322a-b197-4ece-ae4a-a3a86a009e4d?source=cve