CVE-2025-7667
BaseFortify
Publication date: 2025-07-15
Last updated on: 2025-07-15
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wordpress | restrict_file_access | 1.1.2 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-352 | The web application does not, or cannot, sufficiently verify whether a request was intentionally provided by the user who sent the request, which could have originated from an unauthorized actor. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Cross-Site Request Forgery (CSRF) issue in the Restrict File Access WordPress plugin (versions up to 1.1.2). It occurs because the plugin lacks proper nonce validation on the 'restrict-file-access' page. As a result, an attacker can trick an authenticated site administrator into performing unintended actions, such as deleting arbitrary files on the server via a forged request. Deleting critical files like wp-config.php can lead to remote code execution.
How can this vulnerability impact me? :
This vulnerability can allow an unauthenticated attacker to delete arbitrary files on the server by tricking an administrator into clicking a malicious link. This can lead to severe consequences such as remote code execution if critical files (e.g., wp-config.php) are deleted. The impact includes potential site compromise, data loss, and unauthorized control over the WordPress installation.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by monitoring for suspicious POST requests to the 'restrict-file-access' page that attempt to delete files without proper nonce validation. You can look for unusual POST requests targeting the file deletion functionality of the Restrict File Access plugin. For example, using command-line tools like curl or network monitoring tools to detect POST requests with file deletion parameters. A sample command to test might be: curl -X POST -d "file=wp-config.php" https://yourwordpresssite.com/wp-admin/admin.php?page=restrict-file-access Additionally, monitoring web server logs for unexpected file deletion requests or unusual administrator actions triggered by external links can help detect exploitation attempts. [1]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include: 1. Update the Restrict File Access plugin to a version later than 1.1.2 where the nonce validation issue is fixed. 2. Restrict administrative access to trusted users only and educate administrators to avoid clicking on suspicious links. 3. Implement Web Application Firewall (WAF) rules to block unauthorized POST requests to the 'restrict-file-access' page. 4. Temporarily disable or restrict the plugin if an update is not immediately available. 5. Monitor logs for suspicious activity related to file deletion. These steps reduce the risk of unauthorized file deletion and potential remote code execution. [1]