CVE-2025-8147
BaseFortify
Publication date: 2025-08-29
Last updated on: 2025-08-29
Assigner: Wordfence
Description
Description
CVSS Scores
EPSS Scores
| Probability: | |
| Percentile: |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| aurΓ©lien_lws | lws_cache | 2.9 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-285 | The product does not perform or incorrectly performs an authorization check when an actor attempts to access a resource or perform an action. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-8147 is a security vulnerability in the LWSCache WordPress plugin that allows authenticated users with Subscriber-level access or higher to activate arbitrary whitelisted LWS plugins without proper authorization. This happens because the lwscache_activatePlugin() function does not correctly verify user permissions, enabling unauthorized modification of plugin activation via AJAX calls. The vulnerability was fixed in version 2.9 by adding nonce verification, user capability checks, and input sanitization to AJAX handlers. [1, 2]
How can this vulnerability impact me? :
This vulnerability can allow an attacker with low-level authenticated access (Subscriber or above) to activate other LWS plugins that are whitelisted, potentially escalating their privileges or modifying site behavior in unauthorized ways. This could lead to unauthorized changes to the website's functionality or security posture, possibly enabling further attacks or disruptions. [1, 2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves checking if the LWSCache WordPress plugin version is 2.8.5 or earlier, as these versions are vulnerable. Since the vulnerability allows authenticated users with Subscriber-level access to activate arbitrary whitelisted LWS plugins via AJAX calls, monitoring AJAX requests to the plugin's endpoints for unauthorized activation attempts can help detect exploitation. Specific commands are not provided in the resources, but general approaches include reviewing WordPress plugin versions via WP-CLI commands like `wp plugin list` to identify vulnerable versions, and inspecting web server logs for suspicious AJAX POST requests targeting LWSCache plugin actions. Additionally, verifying if the plugin has nonce verification and proper capability checks in AJAX calls can indicate if the vulnerability is patched. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to update the LWSCache plugin to version 2.9 or later, where the vulnerability CVE-2025-8147 is fixed. The update includes nonce verification on all AJAX calls, user capability checks restricting sensitive operations to administrators, and improved input sanitization. If updating immediately is not possible, restrict access to the WordPress admin area to trusted users only and monitor for suspicious AJAX activity related to plugin activation. Applying these security best practices reduces the risk of exploitation until the plugin can be updated. [2, 1]