CVE-2025-47586
BaseFortify
Publication date: 2025-06-06
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-98 | The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-47586 is a critical Local File Inclusion (LFI) vulnerability in the WordPress Motors - Events plugin versions up to 1.4.7. It allows unauthenticated attackers to include and display local files from the target website by exploiting improper control of filenames in PHP include/require statements. This can expose sensitive information such as database credentials and potentially lead to a complete database takeover depending on the website's configuration. [1]
How can this vulnerability impact me? :
This vulnerability can have severe impacts including exposure of sensitive information like database credentials, unauthorized access to critical data, and potentially complete takeover of the website's database. Since it requires no privileges to exploit, attackers can easily perform automated attacks, leading to data breaches, service disruption, and loss of control over the affected website. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves monitoring for attack attempts that try to exploit the Local File Inclusion (LFI) flaw in the WordPress Motors - Events plugin. Since the vulnerability allows unauthenticated attackers to include local files, suspicious HTTP requests containing file inclusion patterns (e.g., parameters with file paths) should be logged and analyzed. Additionally, server-side malware scanning is recommended as plugin-based scanners may be unreliable. Specific commands are not provided in the resources, but monitoring web server logs for unusual requests and using professional incident response tools are advised. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying the virtual patch (vPatch) provided by Patchstack, which automatically blocks attack attempts targeting this vulnerability until an official fix is released. It is also recommended to perform professional incident response and conduct server-side malware scanning to detect and remove any compromise. Since no official patch is available yet, applying the virtual patch and monitoring for exploitation attempts are critical. [1]