CVE-2025-5814
BaseFortify
Publication date: 2025-06-07
Last updated on: 2025-06-09
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-862 | The product does not perform an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the WordPress plugin 'Profiler β What Slowing Down Your WP' (up to version 1.0.0) and allows unauthenticated attackers to modify plugin activation states without any capability checks. Specifically, by accessing the plugin's 'Profiler' page with certain URL parameters, attackers can reactivate previously deactivated plugins or disable active ones. This is possible because the function wpsd_plugin_control() handles plugin activation and deactivation based on URL parameters without verifying user permissions, enabling unauthorized remote control over plugin management. [1]
How can this vulnerability impact me? :
This vulnerability can impact you by allowing attackers to remotely enable or disable WordPress plugins without authentication. This unauthorized modification can lead to security risks such as reactivating vulnerable or malicious plugins, disrupting site functionality, or potentially exposing sensitive debugging information. Since attackers can control plugin states, they might exploit other vulnerabilities in reactivated plugins or cause denial of service by disabling critical plugins. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring HTTP requests to the WordPress site for the presence of the 'wpsd' parameter in the URL query string. Specifically, requests containing 'wpsd=1', 'wpsd=2', or 'wpsd=3' indicate attempts to disable, enable, or test plugins via the vulnerable function. You can use network monitoring tools or web server logs to search for such requests. For example, using command line tools on the server hosting the WordPress site, you can run: 1) To search Apache or Nginx access logs for suspicious requests: grep -i 'wpsd=' /var/log/apache2/access.log or grep -i 'wpsd=' /var/log/nginx/access.log 2) To monitor live traffic for such requests: sudo tcpdump -A -s 0 'tcp port 80 or tcp port 443' | grep 'wpsd=' 3) To test manually, you can send a crafted HTTP request using curl: curl 'http://yourwordpresssite.com/?wpsd=1&plugin=plugin-folder/plugin-file.php' (replace with actual plugin path) to see if the plugin activation state changes without authentication. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include: 1) Update the 'Profiler β What Slowing Down Your WP' plugin to a version that includes proper capability checks on the wpsd_plugin_control() function, if available. 2) If no update is available, temporarily disable or remove the plugin to prevent exploitation. 3) Restrict access to the 'Profiler' page and any URLs containing the 'wpsd' parameter by implementing web server rules (e.g., IP whitelisting or blocking requests with 'wpsd' in the query string). 4) Monitor logs for suspicious activity involving 'wpsd' parameters and respond accordingly. 5) Consider applying a Web Application Firewall (WAF) rule to block unauthorized requests attempting to use these parameters. [1]