CVE-2025-8081
BaseFortify
Publication date: 2025-08-12
Last updated on: 2025-08-15
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| elementor | website_builder | to 3.30.3 (exc) |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the Elementor WordPress plugin allows authenticated users with administrator-level access to read arbitrary files on the server. It occurs because the import function does not properly validate the filename of uploaded files, enabling attackers to access sensitive server files by exploiting insufficient controls in the Import_Images::import() method. [1, 2]
How can this vulnerability impact me? :
If exploited, this vulnerability can allow an attacker with admin privileges to read sensitive files on the server, potentially exposing confidential information such as configuration files, credentials, or other private data. This can lead to information disclosure and further compromise of the system.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves identifying if the Elementor plugin version is 3.30.2 or earlier and if administrator-level users have exploited the Import_Images::import() function to read arbitrary files. Since the vulnerability requires authenticated administrator access, monitoring WordPress logs for suspicious file read activities or unusual access patterns to the import functionality is recommended. Specific commands are not provided in the resources, but checking the plugin version can be done via WP-CLI with: `wp plugin get elementor --field=version`. Additionally, reviewing web server logs for unusual requests to import endpoints or scanning for the presence of the vulnerable code in `includes/template-library/classes/class-import-images.php` can help detect exploitation attempts. [3]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating the Elementor plugin to a version later than 3.30.2 where the vulnerability is fixed by adding a validation check with `is_uploaded_file()` before processing uploaded files. This prevents processing of tampered or malicious file paths. If an immediate update is not possible, restrict administrator access to trusted users only and monitor for suspicious activity. Applying the patch from the commit that adds the `is_uploaded_file()` check in the `import` method of `class-import-images.php` is critical to prevent exploitation. [1, 2]