CVE-2025-52715
BaseFortify
Publication date: 2025-06-20
Last updated on: 2026-04-23
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-98 | The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Local File Inclusion (LFI) issue in the WordPress Classified Listing plugin up to version 4.2.0. It allows an attacker with at least Contributor-level privileges to include and display local files from the target website. These files may contain sensitive information such as database credentials, which could lead to a complete database takeover depending on the site's configuration. [1]
How can this vulnerability impact me? :
The impact of this vulnerability includes unauthorized access to sensitive files on the server, potentially exposing database credentials and other confidential information. This can lead to a complete database takeover, compromising the integrity, confidentiality, and availability of the affected system. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if the WordPress Classified Listing plugin version is up to and including 4.2.0, as these versions are vulnerable. Detection can involve verifying the plugin version installed on your system. Specific commands to check the plugin version in a WordPress environment include using WP-CLI: `wp plugin list --status=active` to list active plugins and their versions. Additionally, monitoring web server logs for suspicious requests attempting Local File Inclusion patterns may help detect exploitation attempts. However, no specific detection commands are provided in the available resources. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate step to mitigate this vulnerability is to update the WordPress Classified Listing plugin to version 4.2.1 or later, where the vulnerability is fixed. Alternatively, if updating is not immediately possible, enabling virtual patching (vPatching) provided by Patchstack can auto-mitigate the vulnerability. Also, enabling auto-updates specifically for vulnerable plugins can help reduce risk. [1]