CVE-2025-8562
BaseFortify
Publication date: 2025-08-25
Last updated on: 2025-08-25
Assigner: Wordfence
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| peter_hebert | custom_query_shortcode | 0.5.0 |
| peter_hebert | custom_query_shortcode | 0.4.0 |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-22 | The product uses external input to construct a pathname that is intended to identify a file or directory that is located underneath a restricted parent directory, but the product does not properly neutralize special elements within the pathname that can cause the pathname to resolve to a location that is outside of the restricted directory. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a path traversal issue in the Custom Query Shortcode WordPress plugin (versions up to 0.4.0). It allows authenticated users with Contributor-level access or higher to manipulate the 'lens' parameter to read arbitrary files on the server. This means an attacker can access sensitive files by traversing directories beyond the intended scope, potentially exposing confidential information stored on the server. [1, 2]
How can this vulnerability impact me?
If exploited, this vulnerability can allow an attacker with Contributor-level access to read sensitive files on your server. This could lead to exposure of confidential data such as configuration files, credentials, or other private information. Since the attacker needs authenticated access, the risk is limited to users who already have some level of access, but it can still lead to significant information disclosure and potential further compromise. [2]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking whether the WordPress site is running the Custom Query Shortcode plugin at version 0.4.0 or earlier, which is vulnerable to path traversal via the 'lens' parameter. Detection can involve reviewing the installed plugin version and monitoring for suspicious requests in which the 'lens' parameter contains directory traversal patterns (e.g., '../'). The referenced resources do not provide specific commands; typical detection would inspect web server logs for requests whose 'lens' parameter contains '../' sequences, or scan the installed plugin version. [1, 2]
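The log inspection described above, written out as an added example (not code from the advisory or from the plugin). It parses combined-format access log lines, pulls the 'lens' and 'twig_template' query parameters, and flags values that still contain a '..' path segment after percent-decoding (including double encoding) and after treating backslashes as separators. The log lines, IP addresses and file names are constructed sample data; the parameter names come from the advisory text.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Constructed sample access log lines in combined log format (not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [25/Aug/2025:10:00:01 +0000] "GET /?lens=cards HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.5 - - [25/Aug/2025:10:00:02 +0000] "GET /?lens=../../../sensitive.txt HTTP/1.1" 200 2048 "-" "Mozilla/5.0"
198.51.100.7 - - [25/Aug/2025:10:00:03 +0000] "GET /?lens=..%2F..%2Fsensitive.txt HTTP/1.1" 200 2048 "-" "curl/8.0"
198.51.100.7 - - [25/Aug/2025:10:00:04 +0000] "GET /?lens=%252e%252e%252fsensitive.txt HTTP/1.1" 200 1024 "-" "curl/8.0"
192.0.2.9 - - [25/Aug/2025:10:00:05 +0000] "GET /?p=12&twig_template=..\\..\\sensitive.txt HTTP/1.1" 200 300 "-" "Mozilla/5.0"
192.0.2.9 - - [25/Aug/2025:10:00:06 +0000] "POST /wp-admin/post.php HTTP/1.1" 302 0 "-" "Mozilla/5.0"
"""

# Fields of a combined log line that matter here: client IP, method, request target, status.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) \S+" (?P<status>\d+)'
)

# A ".." path segment, either at the start or bounded by separators.
TRAVERSAL_SEGMENT = re.compile(r"(?:^|/)\.\.(?:/|$)")

# Parameters named in the advisory as the ones that reach the file path.
WATCHED_PARAMS = ("lens", "twig_template")


def normalize(value: str) -> str:
    """Percent-decode until stable (bounded) so double encoding is caught,
    then treat backslashes as ordinary path separators."""
    for _ in range(3):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/")


def is_traversal(value: str) -> bool:
    """True if the normalized value contains a '..' path segment."""
    return bool(TRAVERSAL_SEGMENT.search(normalize(value)))


def scan_log(text: str, params=WATCHED_PARAMS) -> list:
    """Return one finding per watched parameter value that looks like traversal."""
    findings = []
    for lineno, line in enumerate(text.splitlines(), start=1):
        m = LOG_LINE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        # parse_qs performs one round of percent-decoding on each value.
        query = parse_qs(urlsplit(m.group("target")).query)
        for name in params:
            for value in query.get(name, []):
                if is_traversal(value):
                    findings.append({
                        "line": lineno,
                        "ip": m.group("ip"),
                        "param": name,
                        "value": value,
                        "status": int(m.group("status")),
                    })
    return findings


if __name__ == "__main__":
    for f in scan_log(SAMPLE_LOG):
        print(f"line {f['line']}: {f['ip']} {f['param']}={f['value']!r} (HTTP {f['status']})")
```

Access logs only show parameters sent in the request line, so this catches traversal attempts made through query strings; a shortcode attribute saved inside post content arrives in a POST body, which a standard access log does not record, so pair this with a review of plugin version and of recently edited post content.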
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to update the Custom Query Shortcode plugin to version 0.5.0 or later, where the path traversal vulnerability has been fixed by sanitizing the 'lens' and 'twig_template' parameters to remove '../' sequences and unwanted characters. Until the update can be applied, restrict Contributor-level user access to trusted users only, as the vulnerability requires authenticated access with Contributor-level permissions or higher. Additionally, monitor and restrict usage of the 'lens' parameter in shortcode inputs if possible. [1, 2]
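As an added illustration of the defensive pattern behind the fix described above (this is example code, not the plugin's own patch), the following Python function confines a template name supplied through a 'lens'-style parameter to a fixed template directory. Rather than only stripping '../' sequences, it allowlists the characters a template name may contain and then resolves the candidate path and checks that it still lies inside the base directory. The directory path BASE is a hypothetical placeholder.

```python
import re
from pathlib import Path
from typing import Optional

# Hypothetical template directory; the real plugin's layout is not part of this example.
BASE = Path("/srv/wp-content/templates")

# A template name: alphanumeric start, then letters, digits, '_' or '-',
# with at most one simple extension. No separators, no '%', no '..'.
NAME_RE = re.compile(r"^[A-Za-z0-9][A-Za-z0-9_-]*(?:\.[A-Za-z0-9]+)?$")


def resolve_template(base_dir: Path, lens: str) -> Optional[Path]:
    """Return the resolved template path for `lens`, or None if the value is
    not a plain template name or would escape `base_dir`."""
    if not NAME_RE.fullmatch(lens):
        return None
    base = base_dir.resolve()
    candidate = (base / lens).resolve()
    try:
        # relative_to raises ValueError when candidate is outside base,
        # so this check holds even if a symlink or unusual name slipped past the regex.
        candidate.relative_to(base)
    except ValueError:
        return None
    return candidate


if __name__ == "__main__":
    # Constructed inputs: one legitimate name and a few traversal attempts.
    for value in ("cards.twig", "../../sensitive.txt", "..%2F..%2Fsensitive.txt", "..\\..\\x"):
        print(f"{value!r:32} -> {resolve_template(BASE, value)}")
```

The two checks are deliberately independent: the allowlist rejects anything that is not a simple file name, and the containment check is a second line of defence that does not depend on recognising every encoding of '..'.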