CVE-2025-5396
BaseFortify
Publication date: 2025-07-17
Last updated on: 2025-07-17
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wordpress | bears_backup | * |
| wordpress | alone | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-94 | The product constructs all or part of a code segment using externally-influenced input from an upstream component, but it does not neutralize or incorrectly neutralizes special elements that could modify the syntax or behavior of the intended code segment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The Bears Backup plugin for WordPress has a Remote Code Execution vulnerability in all versions up to 2.0.0. This occurs because the bbackup_ajax_handle() function does not check user capabilities or validate user input before passing it to call_user_func(), allowing unauthenticated attackers to execute arbitrary code on the server.
How can this vulnerability impact me? :
This vulnerability can allow attackers to execute code remotely on your server, potentially injecting backdoors or creating new administrative user accounts, which can lead to full site compromise and unauthorized control.
What immediate steps should I take to mitigate this vulnerability?
To mitigate this vulnerability, immediately update the Bears Backup plugin to a version later than 2.0.0 where the issue is fixed. Additionally, review and restrict access to the bbackup_ajax_handle() function, and monitor for any unauthorized administrative user accounts or backdoors that may have been created. If your site uses the Alone theme version 7.8.4 or older, update it as well to prevent chaining with CVE-2025-5394.