CVE-2025-8889
BaseFortify
Publication date: 2025-09-09
Last updated on: 2025-11-13
Assigner: WPScan
Description
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wordpress | compress_then_upload | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
AI Powered Q&A
Can you explain this vulnerability to me?
CVE-2025-8889 is a vulnerability in the WordPress plugin "Compress Then Upload" in versions before 1.0.5. A user with admin privileges can upload arbitrary files, including PHP scripts, because the plugin's file validation can be bypassed: the attacker intercepts the multipart upload request and modifies it so that a PHP web shell is presented as an image file. The server saves the file into a web-accessible location from which it can be requested and executed, leading to remote code execution. [1]
How can this vulnerability impact me?
An attacker who already holds admin access can upload and execute arbitrary code on the server, potentially leading to full compromise of the site and the hosting account. Through the uploaded PHP web shell they can run system commands remotely, which can result in data theft, site defacement, malware installation, or pivoting to other systems in the hosting environment. [1] Because the attack requires the Administrator role, the practical concern is sites where administrators are not meant to be able to run arbitrary code, such as multisite installations or sites that set `DISALLOW_FILE_MODS`; on a default single-site install an administrator can already upload plugin code, so this issue adds comparatively little to that existing capability.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Look for evidence of exploitation in the WordPress uploads directory: files with PHP-family extensions (including double extensions such as `shell.php.jpg`), and files whose extension says image but whose content contains a PHP open tag. For example, list recently changed PHP-like files with `find wp-content/uploads/ -type f -mtime -30 \( -name '*.php*' -o -name '*.phtml' -o -name '*.phar' \)`, and list files containing a PHP open tag, including the short echo tag `<?=` that a plain `<?php` search misses, with `grep -rlE '<\?(php|=)' wp-content/uploads/`. Since a web shell has to be requested to be used, also check the web server access log for `.php` requests under the uploads path, e.g. `grep -E 'wp-content/uploads/[^ ]+\.php' /var/log/apache2/access.log`, and for `multipart/form-data` POSTs to the plugin's upload endpoint from admin sessions at unusual times or source addresses. An intercepting proxy such as Burp Suite can be used to reproduce and analyze the modified upload request when validating a fix. [1]
What immediate steps should I take to mitigate this vulnerability?
Update the Compress Then Upload plugin to version 1.0.5 or later, where the vulnerability is fixed. Review which accounts hold the Administrator role, since that is the privilege the attack requires, and remove or downgrade any that do not need it. Search the uploads directory for PHP files or image files containing PHP code, quarantine anything suspicious for review rather than deleting it outright, and treat a confirmed web shell as a full compromise (rotate credentials and salts, and check for further persistence). Configure the web server so that nothing under `wp-content/uploads/` is executed as PHP (an Apache `.htaccess` or nginx `location` rule that denies `.php` requests in that path), which neutralizes this class of upload bypass even if validation fails again, and add server-side validation that checks the file's actual content rather than only its declared type. A web application firewall (WAF) can additionally detect and block malicious upload attempts. [1]
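The following is an added example, not code from BaseFortify, WPScan or the Compress Then Upload plugin, that serves both the detection answer above (scanning `wp-content/uploads/` for PHP disguised as images) and the mitigation answer (server-side validation of an upload by content rather than declared type). It assumes the checks a hardened upload path should perform: an extension allowlist, image magic bytes, a PHP open-tag scan that also catches `<?=`, and double-extension detection. The function names are hypothetical, and the sample uploads tree is constructed inside the script.

```python
"""Added example (not BaseFortify's, WPScan's or the plugin's own code).

find_problems() is the single classifier; scan_uploads() applies it to an
existing wp-content/uploads tree (detection) and validate_upload() applies it
to an incoming file before it is written (mitigation). All names are
hypothetical and the sample tree is constructed in build_sample_tree()."""
import os
import re
import tempfile

# Magic-byte prefixes for the image types a media upload is expected to carry.
MAGIC = {
    "jpg": (b"\xff\xd8\xff",),
    "jpeg": (b"\xff\xd8\xff",),
    "png": (b"\x89PNG\r\n\x1a\n",),
    "gif": (b"GIF87a", b"GIF89a"),
    "webp": (b"RIFF",),  # bytes 8..12 must also read WEBP, checked below
}
ALLOWED_EXT = set(MAGIC)

# PHP open tags; a plain grep for '<?php' misses the short echo tag '<?='.
PHP_TAG = re.compile(rb"<\?(php\b|=)", re.IGNORECASE)
# A PHP-family extension anywhere in the name catches shell.php.jpg style
# names, which some Apache mod_mime configurations still execute as PHP.
PHP_EXT = re.compile(r"\.(php\d?|phtml|phar)(\.|$)", re.IGNORECASE)


def find_problems(filename: str, data: bytes) -> list[str]:
    """Return the reasons a file is suspect; empty means it looks like a real image."""
    problems: list[str] = []
    name = os.path.basename(filename)
    ext = name.rsplit(".", 1)[-1].lower() if "." in name else ""
    if PHP_EXT.search(name):
        problems.append("php-extension")
    if ext not in ALLOWED_EXT:
        problems.append(f"extension-not-allowed:{ext or '(none)'}")
    elif not any(data.startswith(m) for m in MAGIC[ext]) or (
        ext == "webp" and data[8:12] != b"WEBP"
    ):
        # Declared extension says image, but the bytes do not start like one.
        problems.append("magic-mismatch")
    if PHP_TAG.search(data):
        # Covers both bare PHP renamed to .jpg and image/PHP polyglots.
        problems.append("php-tag-in-content")
    return problems


def scan_uploads(root: str) -> dict[str, list[str]]:
    """Detection: walk an uploads tree and report every file that fails find_problems."""
    findings: dict[str, list[str]] = {}
    for dirpath, _, files in os.walk(root):
        for fn in files:
            path = os.path.join(dirpath, fn)
            with open(path, "rb") as fh:
                data = fh.read()
            problems = find_problems(fn, data)
            if problems:
                findings[os.path.relpath(path, root)] = problems
    return findings


def validate_upload(filename: str, data: bytes) -> bool:
    """Mitigation: accept an upload only when no problem is found (allowlist semantics)."""
    return not find_problems(filename, data)


def build_sample_tree() -> str:
    """Constructed sample uploads tree: one clean image and three disguised shells."""
    root = tempfile.mkdtemp(prefix="uploads-")
    month = os.path.join(root, "2025", "09")
    os.makedirs(month)
    samples = {
        "photo.png": b"\x89PNG\r\n\x1a\n" + b"\x00" * 32,              # genuine image
        "avatar.jpg": b"<?php system($_GET['cmd']); ?>",                 # PHP renamed to .jpg
        "banner.gif": b"GIF89a" + b"\x00" * 16 + b"<?= shell_exec($_POST['c']) ?>",  # polyglot
        "shell.php.jpg": b"\xff\xd8\xff\xe0" + b"<?php eval($_POST['x']); ?>",      # double extension
    }
    for name, content in samples.items():
        with open(os.path.join(month, name), "wb") as fh:
            fh.write(content)
    return root


if __name__ == "__main__":
    sample_root = build_sample_tree()
    for rel_path, reasons in sorted(scan_uploads(sample_root).items()):
        print(f"{rel_path}: {', '.join(reasons)}")
```

Run against a real site as `scan_uploads("/var/www/html/wp-content/uploads")`; the output is a triage list, so quarantine and inspect flagged files rather than deleting them blindly. The validator is deliberately allowlist-based: an upload that is not provably one of the expected image types is rejected, which is what the plugin's bypassed check should have done. It complements, and does not replace, a web server rule that refuses to execute `.php` under the uploads path.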