CVE-2025-12171
BaseFortify
Publication date: 2025-11-01
Last updated on: 2025-11-04
Assigner: Wordfence
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| wordpress | restful_content_syndication | 1.6.0 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-434 | The product allows the upload or transfer of dangerous file types that are automatically processed within its environment. |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
This vulnerability exists in the RESTful Content Syndication plugin for WordPress (versions 1.1.0 to 1.5.0). It allows authenticated users with Author-level access or higher to upload arbitrary files to the server because the plugin's ingest_image() function lacks proper file type validation. This arbitrary file upload could lead to remote code execution if exploited. The attacker must have access to a specified third-party server configured in the plugin settings, making exploitation less likely for lower-privileged users like contributors and more likely for administrators who can access plugin settings.
How can this vulnerability impact me?
If exploited, this vulnerability can allow an attacker with Author-level or higher access to upload arbitrary files to your WordPress server. This could lead to remote code execution, enabling the attacker to run malicious code on your server, potentially compromising your website, stealing data, defacing content, or using your server for further attacks. Since exploitation requires access to a configured third-party server and elevated privileges, the risk is higher if an administrator account is compromised.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
Detection of this vulnerability involves identifying if the WordPress site is running the RESTful Content Syndication plugin versions 1.1.0 to 1.5.0 and if there are any suspicious file uploads by authenticated users with Author-level access or higher. You can check the installed plugin version via WP-CLI with the command: `wp plugin list --format=json` and look for 'restful-syndication' plugin version. Additionally, monitoring web server logs for unusual POST requests to the plugin's upload endpoints or unexpected file uploads in the WordPress uploads directory may help. For example, you can use commands like `grep 'restful-syndication' /var/log/apache2/access.log` or `find wp-content/uploads/ -type f -mtime -7` to find recently uploaded files. Also, checking for files with suspicious extensions or unexpected PHP files in the uploads directory can indicate exploitation attempts. [1]
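A defender-side script for the two checks in this answer, added here as an example (it is not BaseFortify's or the plugin's code). It assumes that `wp plugin list --format=json` returns a JSON array of objects with "name" and "version" keys, uses the `restful-syndication` slug and the 1.1.0 to 1.5.0 range from the answer above, and the sample WP-CLI output embedded below is constructed, not taken from a real site.

```python
import json
import os
import re

VULN_SLUG = "restful-syndication"            # plugin slug named in the answer above
VULN_RANGE = ((1, 1, 0), (1, 5, 0))          # affected versions 1.1.0 .. 1.5.0
PHP_EXTS = {".php", ".phtml", ".phar", ".php5", ".php7", ".phps"}

def parse_version(text):
    """'1.5.0' / '1.5' -> (1, 5, 0); missing components count as 0."""
    parts = [int(p) for p in re.findall(r"\d+", text)[:3]]
    return tuple(parts + [0] * (3 - len(parts)))

def vulnerable_plugins(wp_cli_json):
    """Return (name, version) for installed copies of the plugin in the affected
    range, active or not: the code is on disk either way. Input is the output
    of `wp plugin list --format=json`."""
    low, high = VULN_RANGE
    return [(p["name"], p["version"]) for p in json.loads(wp_cli_json)
            if p.get("name") == VULN_SLUG
            and low <= parse_version(p.get("version", "0")) <= high]

def upload_findings(name, head):
    """Reasons a file in wp-content/uploads deserves a look, given its name and
    first bytes: a PHP-executable extension, or a PHP open tag hiding behind an
    image name (extension checks alone miss the second case)."""
    reasons = []
    if os.path.splitext(name)[1].lower() in PHP_EXTS:
        reasons.append("php extension")
    if b"<?php" in head or b"<?=" in head:
        reasons.append("php open tag in content")
    return reasons

def suspicious_uploads(root):
    """Walk an uploads directory and collect (relative path, reasons)."""
    findings = []
    for dirpath, _, names in os.walk(root):
        for name in names:
            path = os.path.join(dirpath, name)
            with open(path, "rb") as fh:
                reasons = upload_findings(name, fh.read(256))
            if reasons:
                findings.append((os.path.relpath(path, root), reasons))
    return sorted(findings)

# Constructed sample WP-CLI output (not from a real site).
SAMPLE_WP_CLI = json.dumps([
    {"name": "akismet", "status": "active", "update": "none", "version": "5.3"},
    {"name": VULN_SLUG, "status": "active", "update": "available", "version": "1.4.2"},
])
```

Run `suspicious_uploads("/path/to/wp-content/uploads")` on the real site; a hit on an image-named file with a PHP open tag is the case the `find -mtime` command in the answer cannot distinguish on its own.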
What immediate steps should I take to mitigate this vulnerability?
Immediate mitigation steps include updating the RESTful Content Syndication plugin to version 1.6.0 or later, where the vulnerability is fixed. If updating is not immediately possible, restrict Author-level and higher user access to the plugin settings and file upload functionalities. Additionally, review and limit the trusted third-party servers configured in the plugin settings to reduce exposure. Monitoring and auditing user activities related to file uploads and plugin usage is also recommended to detect any exploitation attempts. [1]