CVE-2025-12835
BaseFortify
Publication date: 2025-12-12
Last updated on: 2025-12-12
Assigner: WPScan
Description
CVSS Scores
EPSS Scores
Meta Information
Affected Vendors & Products
| Vendor | Product | Version / Range |
|---|---|---|
| woomulti | wordpress_plugin | 1.7 |
Helpful Resources
Exploitability
| CWE ID | Description |
|---|---|
| CWE-UNKNOWN | |
Attack-Flow Graph
AI Powered Q&A
Can you explain this vulnerability to me?
The WooMulti WordPress plugin up to version 17 does not properly validate a file parameter when deleting files. This flaw allows any authenticated user, including low-privileged users like subscribers, to delete arbitrary files on the server.
How can this vulnerability impact me?
This vulnerability can allow authenticated users to delete any files on the server, potentially leading to data loss, disruption of website functionality, or compromise of server integrity.
How can this vulnerability be detected on my network or system? Can you suggest some commands?
This vulnerability can be detected by attempting to reproduce the exploit scenario. Place a test file (e.g., test.php) in the root WordPress directory, then send a crafted POST request to the admin-ajax.php endpoint with parameters specifying the deletion action and a path traversal sequence targeting the test file. For example, using curl: curl -X POST -d 'action=delete_file&file=.../../../test.php' https://yourwordpresssite.com/wp-admin/admin-ajax.php with an authenticated subscriber cookie. If the test file is deleted, the vulnerability exists. [1]
What immediate steps should I take to mitigate this vulnerability?
Since there is currently no known fix for this issue, immediate mitigation steps include restricting subscriber-level user permissions to prevent file deletion actions, monitoring and logging POST requests to admin-ajax.php for suspicious file deletion attempts, and removing or limiting access to the vulnerable WooMulti plugin until a patch is released. [1]
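The two controls the answers above describe as missing, a capability check so that subscribers cannot reach the delete action and validation of the file parameter so that it cannot escape the intended directory, look like this in a WordPress AJAX handler. This is an added illustration, not the WooMulti plugin's code and not a vendor patch; the action name `woomulti_delete_file`, the nonce name `woomulti_delete`, and the choice of the uploads directory as the only deletable location are assumptions.

```php
<?php
// Hypothetical hardened delete handler (added example, not WooMulti's code).
// Assumed: action 'woomulti_delete_file', nonce 'woomulti_delete', and that
// deletable files live only under wp-content/uploads.

add_action( 'wp_ajax_woomulti_delete_file', 'woomulti_safe_delete_file' );

function woomulti_safe_delete_file() {
    // 1. Authorization: any logged-in user can hit wp_ajax_* hooks, so an explicit
    //    capability check is what keeps subscribers out of this code path.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'insufficient privileges', 403 );
    }
    // 2. CSRF: require the nonce a legitimate admin page would have embedded.
    check_ajax_referer( 'woomulti_delete', 'nonce' );

    $requested = isset( $_POST['file'] ) ? sanitize_text_field( wp_unslash( $_POST['file'] ) ) : '';
    $base_real = realpath( wp_upload_dir()['basedir'] );
    if ( false === $base_real ) {
        wp_send_json_error( 'uploads directory unavailable', 500 );
    }
    $base   = wp_normalize_path( trailingslashit( $base_real ) );
    $target = woomulti_resolve_inside( $base, $requested );
    if ( null === $target ) {
        // 3. Reject anything that does not canonicalize to a file inside $base.
        wp_send_json_error( 'invalid file parameter', 400 );
    }
    wp_delete_file( $target );
    wp_send_json_success( array( 'deleted' => basename( $target ) ) );
}

/**
 * Return the canonical path of $relative inside $base, or null when the
 * request escapes $base (../ sequences, absolute paths, symlinks, NUL bytes)
 * or does not name a regular file.
 */
function woomulti_resolve_inside( $base, $relative ) {
    if ( '' === $relative || false !== strpos( $relative, "\0" ) ) {
        return null;
    }
    // realpath() resolves ../ and symlinks; comparing the result against the
    // canonical base directory is the actual traversal check.
    $real = realpath( $base . ltrim( $relative, '/\\' ) );
    if ( false === $real || ! is_file( $real ) ) {
        return null;
    }
    $real = wp_normalize_path( $real );
    return 0 === strpos( $real, $base ) ? $real : null;
}
```

The same `woomulti_resolve_inside()` check, applied before any unlink, is what a defender should look for when reviewing a plugin's file-deletion code.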