CVE-2025-47627
BaseFortify
Publication date: 2025-07-04
Last updated on: 2026-04-28
Assigner: Patchstack
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-98 | The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Local File Inclusion (LFI) flaw in the WordPress PrivateContent - Mail Actions plugin (versions up to 2.3.2). It allows unauthenticated attackers to include and display local files from the target website by improperly controlling the filename used in PHP include/require statements. Exploiting this can expose sensitive files such as those containing database credentials, potentially leading to full database takeover depending on the site's configuration. [1]
How can this vulnerability impact me? :
Exploitation of this vulnerability can lead to exposure of sensitive files on the server, including database credentials. This can result in a full database takeover, compromising the confidentiality, integrity, and availability of the affected website and its data. Automated attacks may mass exploit unpatched sites, increasing the risk of widespread damage. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this Local File Inclusion vulnerability can involve monitoring for unusual HTTP requests attempting to include local files via the PrivateContent - Mail Actions plugin. Since the vulnerability allows unauthenticated attackers to include and display local files, inspecting web server logs for suspicious URL parameters or requests targeting the plugin's include/require functionality is recommended. Additionally, professional incident response and server-side malware scanning are advised to detect potential compromises. Specific commands are not provided in the resources. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include applying Patchstack's virtual patch (vPatch) which blocks attack attempts targeting this vulnerability until an official fix is released. It is safe to apply and test this virtual patch to protect affected sites immediately. Additionally, professional incident response and server-side malware scanning should be conducted if compromise is suspected. Since no official fixed version is available, relying on the virtual patch and monitoring is critical. [1]