GCVE - cpe:2.3:a:aeropage:aeropage_sync_for_airtable:*:*:*:*:*:wordpress:*:*

Approved changes feed: RSS · Atom

cpe:2.3:a:aeropage:aeropage_sync_for_airtable:*:*:*:*:*:wordpress:*:*

part: a version: * update: *

Vendor	Aeropage (`2bceca5f-f92c-5106-8913-63f4a721c65f`)
Product	Aeropage Sync For Airtable (`f7e5c8d6-2732-54c2-aa09-c15266cbd87c`)
Edition	*
Language	*
Software edition	*
Target software	wordpress
Target hardware	*
Other	*
Notes	Imported from gcve-enriched-dumps CVE data

PURL mappings

PURL	Source	Last updated
No PURL mappings for this CPE yet.

Vulnerability references

Identifier	cpeApplicability	Submitted	db.gcve.eu details	Rationale
`CVE:CVE-2025-3915`	vulnerable	2026-06-08 07:23:10.134648	Aeropage Sync for Airtable <= 3.2.0 - Missing Authorization to Authenticated (Subscriber+) Arbitrary Post Deletion MEDIUM (4.3) The Aeropage Sync for Airtable plugin for WordPress is vulnerable to unauthorized loss of data due to a missing capability check on the 'aeropageDeletePost' function in all versions up to, and including, 3.2.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to delete arbitrary posts. Published: 2025-04-26T05:34:25.018Z Updated: 2026-04-08T17:34:11.484Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/f98aab54-877b-47df-9c8a-5e70ea985c1c?source=cve https://plugins.trac.wordpress.org/browser/aeropage-sync-for-airtable/trunk/aeropage.php#L475 https://plugins.trac.wordpress.org/browser/aeropage-sync-for-airtable/trunk/aeropage.php#L476 https://plugins.trac.wordpress.org/changeset/3281904/	Imported from gcve-enriched-dumps CVE data
`CVE:CVE-2025-3914`	vulnerable	2026-06-08 07:23:10.134253	Aeropage Sync for Airtable <= 3.2.0 - Authenticated (Subscriber+) Arbitrary File Upload HIGH (8.8) The Aeropage Sync for Airtable plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'aeropage_media_downloader' function in all versions up to, and including, 3.2.0. This makes it possible for authenticated attackers, with Subscriber-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible. Published: 2025-04-26T05:34:24.102Z Updated: 2026-04-08T17:13:12.020Z Open on db.gcve.eu Reference links https://www.wordfence.com/threat-intel/vulnerabilities/id/a501c2d6-cdcc-4003-99df-245f5253e20f?source=cve https://plugins.trac.wordpress.org/browser/aeropage-sync-for-airtable/trunk/aeropage.php#L1214 https://plugins.trac.wordpress.org/browser/aeropage-sync-for-airtable/trunk/aeropage.php#L1215 https://plugins.trac.wordpress.org/browser/aeropage-sync-for-airtable/trunk/aeropage.php#L1250 https://plugins.trac.wordpress.org/changeset/3281904/	Imported from gcve-enriched-dumps CVE data

Contribute

You can submit an edit proposal for this CPE entry or suggest a related product/vendor addition using the action button above.

Aeropage Sync For Airtable

PURL mappings

Vulnerability references

Contribute