CVE-2025-7327
BaseFortify
Publication date: 2025-07-08
Last updated on: 2025-07-09
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| radiustheme | widget_for_google_reviews | to 1.0.16 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-98 | The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The vulnerability in the Widget for Google Reviews WordPress plugin (up to version 1.0.15) is a Directory Traversal issue via the 'layout' parameter. Authenticated users with Subscriber-level access or higher can exploit this to include and execute arbitrary PHP files on the server. This allows attackers to bypass access controls, execute any PHP code contained in those files, and potentially obtain sensitive data or take control of the server. The vulnerability arises from insufficient input sanitization and validation in the plugin's handling of inputs. [1]
How can this vulnerability impact me? :
This vulnerability can have severe impacts including unauthorized code execution on your server, bypassing access controls, and exposure of sensitive data. An attacker with minimal privileges (Subscriber-level) can exploit it to run arbitrary PHP code, which could lead to full site compromise, data theft, or disruption of service. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves checking if the WordPress site is running the Widget for Google Reviews plugin version 1.0.15 or earlier and if the 'layout' parameter can be manipulated by an authenticated user with Subscriber-level access or higher to perform directory traversal. Specific commands are not provided in the resources, but generally, you can test for directory traversal by sending crafted HTTP requests to the plugin's endpoints that include the 'layout' parameter with traversal payloads (e.g., '../' sequences) while authenticated as a low-privilege user. Monitoring web server logs for suspicious requests targeting the 'layout' parameter or unusual file inclusions may also help detect exploitation attempts. [1]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to update the Widget for Google Reviews plugin to version 1.0.16 or later, which includes proper input sanitization, nonce verification, and validation to prevent directory traversal and arbitrary file inclusion. Additionally, ensure that only trusted users have access to authenticated roles that can interact with the plugin. If updating immediately is not possible, restrict access to the plugin's functionality and monitor for suspicious activity related to the 'layout' parameter. [1]