CVE-2025-8147
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-08-29

Last updated on: 2025-08-29

Assigner: Wordfence

Description
The LWSCache plugin for WordPress is vulnerable to unauthorized modification of data due to improper authorization on the lwscache_activatePlugin() function in all versions up to, and including, 2.8.5. This makes it possible for authenticated attackers, with Subscriber-level access and above, to activate arbitrary whitelisted LWS plugins.
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-08-29
Last Modified
2025-08-29
Generated
2026-06-16
AI Q&A
2025-08-29
EPSS Evaluated
2026-06-14
NVD
CVE-2025-8147
EUVD
EUVD-2025-26173
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
aurΓ©lien_lws lws_cache 2.9
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-285 The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action.
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-8147 is a security vulnerability in the LWSCache WordPress plugin that allows authenticated users with Subscriber-level access or higher to activate arbitrary whitelisted LWS plugins without proper authorization. This happens because the lwscache_activatePlugin() function does not correctly verify user permissions, enabling unauthorized modification of plugin activation via AJAX calls. The vulnerability was fixed in version 2.9 by adding nonce verification, user capability checks, and input sanitization to AJAX handlers. [1, 2]

Impact Analysis

This vulnerability can allow an attacker with low-level authenticated access (Subscriber or above) to activate other LWS plugins that are whitelisted, potentially escalating their privileges or modifying site behavior in unauthorized ways. This could lead to unauthorized changes to the website's functionality or security posture, possibly enabling further attacks or disruptions. [1, 2]

Detection Guidance

Detection of this vulnerability involves checking if the LWSCache WordPress plugin version is 2.8.5 or earlier, as these versions are vulnerable. Since the vulnerability allows authenticated users with Subscriber-level access to activate arbitrary whitelisted LWS plugins via AJAX calls, monitoring AJAX requests to the plugin's endpoints for unauthorized activation attempts can help detect exploitation. Specific commands are not provided in the resources, but general approaches include reviewing WordPress plugin versions via WP-CLI commands like `wp plugin list` to identify vulnerable versions, and inspecting web server logs for suspicious AJAX POST requests targeting LWSCache plugin actions. Additionally, verifying if the plugin has nonce verification and proper capability checks in AJAX calls can indicate if the vulnerability is patched. [1, 2]

Mitigation Strategies

The immediate mitigation step is to update the LWSCache plugin to version 2.9 or later, where the vulnerability CVE-2025-8147 is fixed. The update includes nonce verification on all AJAX calls, user capability checks restricting sensitive operations to administrators, and improved input sanitization. If updating immediately is not possible, restrict access to the WordPress admin area to trusted users only and monitor for suspicious AJAX activity related to plugin activation. Applying these security best practices reduces the risk of exploitation until the plugin can be updated. [2, 1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-8147. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart