CVE-2025-10406
BaseFortify
Publication date: 2025-10-15
Last updated on: 2025-10-16
Assigner: WPScan
Description
CVSS Scores
EPSS Scores
| Metric | Value |
|---|---|
| Probability | |
| Percentile | |
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| blindmatrix | e-commerce | * |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability in the BlindMatrix e-Commerce WordPress plugin (versions before 3.1) is a Local File Inclusion (LFI) issue. It occurs because the plugin does not properly validate certain shortcode attributes before using them to build file paths that are passed to PHP include functions. This allows any authenticated user with contributor-level permissions or higher to exploit the flaw and include local files on the server, potentially accessing sensitive system files. [1]
How can this vulnerability impact me?
The vulnerability can allow authenticated users with contributor-level access to perform Local File Inclusion attacks. This means they could read sensitive files on the server, such as configuration files or password files, which could lead to information disclosure, further system compromise, or unauthorized access to sensitive data. [1]
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by checking if the BlindMatrix e-Commerce WordPress plugin version is prior to 3.1 and by testing for Local File Inclusion (LFI) exploitation attempts. One way to detect exploitation attempts is to look for usage of the shortcode with suspicious attributes, for example: `[BlindMatrix source="/etc/passwd"]`. You can search WordPress content or logs for this shortcode pattern. Additionally, monitoring web server logs for requests containing this shortcode or unusual file inclusion attempts may help detect exploitation. Specific commands could include searching the WordPress database or files for the shortcode pattern, e.g., using grep: `grep -r '\[BlindMatrix source=' /path/to/wordpress` or querying the database for posts containing the shortcode. Also, inspecting web server access logs for requests with this shortcode or unusual parameters can be done with commands like `grep 'BlindMatrix source=' /var/log/apache2/access.log`. [1]
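The grep commands above match only the literal shortcode text, so they miss URL-encoded requests in access logs and cannot tell a benign attribute value from a file path. The detector below is an added example, not part of the BaseFortify record or the plugin's code: it URL-decodes each line before matching and flags only shortcode attributes whose value looks like an absolute path, a traversal sequence or a stream wrapper. The `BlindMatrix` tag and `source` attribute name are taken from the Q&A's example and are assumptions to confirm against the plugin; the post bodies and log lines are constructed.

```python
import re
from urllib.parse import unquote

# Tag and attribute name follow the pattern cited in the Q&A above
# ([BlindMatrix source="..."]); verify the real attribute name in the plugin.
SHORTCODE_RE = re.compile(r'\[BlindMatrix\b([^\]]*)\]', re.IGNORECASE)
ATTR_RE = re.compile(r'(\w+)\s*=\s*(?:"([^"]*)"|\'([^\']*)\'|(\S+))')

# Values that look like a file path rather than a plugin-controlled name:
# absolute path, traversal, Windows drive, stream wrapper (php://, file://,
# https://) or an embedded NUL byte.
SUSPICIOUS_VALUE_RE = re.compile(
    r'(^/|\.\./|\.\.\\|^[a-z]:\\|^[a-z][a-z0-9+.-]*://|\x00)', re.IGNORECASE)

# Constructed sample input: two post bodies and two web server access-log lines.
SAMPLE = """\
[BlindMatrix source="catalog"] normal usage on a product page
[BlindMatrix source="/etc/passwd"] the pattern the Q&A above cites
10.0.0.5 - - [15/Oct/2025:10:00:00 +0000] "GET /?p=1&preview=%5BBlindMatrix%20source%3D%22..%2F..%2F..%2Fetc%2Fpasswd%22%5D HTTP/1.1" 200 512
10.0.0.6 - - [15/Oct/2025:10:01:00 +0000] "GET /?s=hello HTTP/1.1" 200 100
"""


def parse_attrs(attr_text):
    """Return shortcode attributes as a dict, accepting ", ' or no quotes."""
    attrs = {}
    for m in ATTR_RE.finditer(attr_text):
        attrs[m.group(1).lower()] = next(v for v in m.groups()[1:] if v is not None)
    return attrs


def find_suspicious_shortcodes(text):
    """Return (attribute, value) pairs for BlindMatrix shortcodes whose value
    looks like a path, traversal or wrapper. Each line is URL-decoded twice so
    single- and double-encoded requests in access logs are not missed."""
    findings = []
    for line in text.splitlines():
        decoded = unquote(unquote(line))
        for sc in SHORTCODE_RE.finditer(decoded):
            for name, value in parse_attrs(sc.group(1)).items():
                if SUSPICIOUS_VALUE_RE.search(value):
                    findings.append((name, value))
    return findings


if __name__ == "__main__":
    for name, value in find_suspicious_shortcodes(SAMPLE):
        print(f"suspicious shortcode attribute {name}={value!r}")
```

Feed it `wp_posts.post_content` exports or access logs instead of `SAMPLE`; the benign `source="catalog"` line is deliberately not reported.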
What immediate steps should I take to mitigate this vulnerability?
The immediate mitigation step is to update the BlindMatrix e-Commerce WordPress plugin to version 3.1 or later, where the vulnerability has been fixed. Until the update can be applied, restrict authenticated user permissions to prevent contributors or lower roles from using shortcodes that could exploit this vulnerability. Additionally, consider disabling shortcode execution for untrusted users or applying web application firewall (WAF) rules to block suspicious shortcode usage patterns related to this vulnerability. [1]