CVE-2025-28998
BaseFortify
Publication date: 2025-06-27
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-98 | The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Local File Inclusion (LFI) issue in the WordPress SERPed.net plugin up to version 4.6. It allows unauthenticated attackers to include and display local files from the target website by exploiting improper control of filenames in PHP include/require statements. This can expose sensitive information such as database credentials and potentially lead to a complete database takeover. [1]
How can this vulnerability impact me? :
The vulnerability can allow attackers to access and display sensitive local files on your website, exposing critical information like database credentials. Depending on your website's configuration, this could lead to a full database takeover. It poses a high risk with a CVSS score of 8.1 and is likely to be widely exploited, potentially resulting in data breaches and loss of control over your website. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this Local File Inclusion (LFI) vulnerability involves monitoring for exploitation attempts that try to include local files via the vulnerable plugin. While specific commands are not provided, Patchstack recommends professional incident response and server-side malware scanning to detect compromise. Network monitoring for unusual HTTP requests attempting to include local files (e.g., requests with suspicious parameters targeting the SERPed.net plugin) can help identify exploitation attempts. Since plugin-based malware scanners can be tampered with, relying on server-side scanning and professional tools is advised. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying the virtual patch (vPatch) released by Patchstack, which blocks exploitation attempts until an official plugin update is available. Since no official fix or patched version exists yet, applying this virtual patch is the recommended action. Additionally, monitoring for signs of compromise and performing professional incident response and server-side malware scanning are advised to ensure the site is not already compromised. [1]