CVE-2025-9990
BaseFortify
Publication date: 2025-09-05
Last updated on: 2025-09-05
Assigner: Wordfence
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| smackcoders | wp_helpdesk_integration | * |
Exploitability
| CWE ID | Description |
|---|---|
| CWE-98 | The PHP application receives input from an upstream component, but it does not restrict or incorrectly restricts the input before its usage in "require," "include," or similar functions. |
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability is a Local File Inclusion (LFI) issue in the WordPress Helpdesk Integration plugin up to version 5.8.10. It occurs via the portal_type parameter, which allows unauthenticated attackers to include and execute arbitrary PHP files on the server. This means attackers can run any PHP code they upload or control, potentially bypassing access controls and executing malicious actions on the server. [2]
How can this vulnerability impact me?
The vulnerability can allow attackers to execute arbitrary PHP code on your server without authentication. This can lead to bypassing access controls, unauthorized access to sensitive data, and full code execution on the server. Essentially, it can compromise the confidentiality, integrity, and availability of your WordPress site and its data.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking whether the WordPress Helpdesk Integration plugin is installed at a vulnerable version (up to and including 5.8.10). Monitoring HTTP requests for the 'portal_type' parameter can also reveal exploitation attempts; a simple starting point is to search web server logs for requests carrying that parameter, for example on Apache: `grep 'portal_type=' /var/log/apache2/access.log`. Because the plugin dynamically includes PHP files based on 'portal_type' without proper validation, any unusual or unexpected value for this parameter can indicate an exploitation attempt, and reviewing the plugin's source for that dynamic inclusion confirms that an installed copy is affected. [1, 2]
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include:
1. Update the WordPress Helpdesk Integration plugin to a version later than 5.8.10, where the vulnerability is fixed.
2. If an update is not immediately available, restrict access to the vulnerable plugin files and parameters by implementing web application firewall (WAF) rules that block requests containing the 'portal_type' parameter or suspicious file inclusion patterns.
3. Disable or remove the plugin if it is not essential.
4. Review and restrict file upload capabilities to prevent uploading of arbitrary PHP files that could be included and executed.
5. Monitor logs for exploitation attempts and unauthorized access.
These steps help prevent unauthenticated attackers from exploiting the Local File Inclusion vulnerability to execute arbitrary PHP code. [1, 2]