CVE-2025-8889
Unknown Unknown - Not Provided
BaseFortify

Publication date: 2025-09-09

Last updated on: 2025-11-13

Assigner: WPScan

Description
The Compress & Upload WordPress plugin before 1.0.5 does not properly validate uploaded files, allowing high privilege users such as admin to upload arbitrary files on the server even when they should not be allowed to (for example in multisite setup)
CVSS Scores
EPSS Scores
Probability:
Percentile:
Meta Information
Published
2025-09-09
Last Modified
2025-11-13
Generated
2026-06-16
AI Q&A
2025-09-09
EPSS Evaluated
2026-06-14
NVD
CVE-2025-8889
EUVD
EUVD-2025-27223
Affected Vendors & Products
Showing 1 associated CPE
Vendor Product Version / Range
wordpress compress_then_upload *
Helpful Resources
Exploitability
CWE
CWE Icon
KEV
KEV Icon
CWE ID Description
CWE-UNKNOWN
Attack-Flow Graph
AI Quick Actions
Instant insights powered by AI
Executive Summary

CVE-2025-8889 is a vulnerability in the WordPress plugin "Compress Then Upload" versions before 1.0.5. It allows users with admin privileges to upload arbitrary files, including malicious PHP scripts, to the server by bypassing the plugin's file validation. An attacker can intercept and modify the upload request to disguise a PHP web shell as an image file, which the server then saves and allows to be executed, leading to potential remote code execution. [1]

Impact Analysis

This vulnerability can allow an attacker with admin access to upload and execute arbitrary code on the server, potentially leading to full system compromise. The attacker can run system commands remotely via the uploaded PHP web shell, which can result in data theft, site defacement, malware installation, or further attacks on the hosting environment. [1]

Detection Guidance

This vulnerability can be detected by monitoring for suspicious file uploads in the WordPress uploads directory, especially files with PHP extensions or files that contain PHP code disguised as images. One can search for recently uploaded PHP files in the uploads folder using commands like: `find wp-content/uploads/ -type f -name '*.php'` or scan for files containing PHP code with: `grep -r '<?php' wp-content/uploads/`. Additionally, inspecting HTTP traffic for multipart/form-data requests where image uploads are modified to include PHP payloads can help detect exploitation attempts. Tools like Burp Suite can be used to intercept and analyze such requests. [1]

Mitigation Strategies

Immediate mitigation steps include updating the Compress & Upload WordPress plugin to version 1.0.5 or later, where the vulnerability is fixed. Additionally, restrict upload permissions to trusted users only, monitor and remove any suspicious PHP files in the uploads directory, and consider implementing server-side validation to block uploads of executable files disguised as images. Employing web application firewalls (WAF) to detect and block malicious upload attempts can also help mitigate exploitation. [1]

Chat Assistant
Ask questions about this CVE
Hi! I’m here to help you understand CVE-2025-8889. Ask me anything about the vulnerability, its impact, or mitigation strategies.
0/70
EPSS Chart