CRITICAL · CVE-2025-32576 · CVSS 9.6

WordPress WP shop plugin <= 2.6.1 - CSRF to Arbitrary File Upload vulnerability


Platform

wordpress

Component

wpshop

Fixed in

2.6.2

AI Confidence: high · NVD · EPSS 0.1% · Checked: May 2026

CVE-2025-32576 is a critical Cross-Site Request Forgery (CSRF) vulnerability affecting WP shop, a WordPress plugin developed by Agence web Eoxia. This vulnerability allows an attacker to upload a malicious Web Shell to the web server, potentially leading to complete server compromise. The vulnerability impacts versions from 0.0.0 up to and including 2.6.1, and a patch is available in version 2.6.2.


Impact and Attack Scenarios

The primary impact of CVE-2025-32576 is the ability for an attacker to upload a web shell to the WordPress server. A web shell is a malicious script that allows an attacker to execute arbitrary commands on the server with the privileges of the web server user. This can lead to complete server compromise, including data exfiltration, malware installation, and defacement. The CSRF nature of the vulnerability means an attacker can trigger the upload through a victim's authenticated browser session without the victim's knowledge, making it particularly dangerous. Successful exploitation could allow attackers to gain persistent access to the server and compromise sensitive data stored within the WordPress installation or connected databases.

Exploitation Context

CVE-2025-32576 was publicly disclosed on 2025-04-09. While no public proof-of-concept (PoC) code has been released at the time of writing, the severity of the vulnerability (CRITICAL) and the ease of exploitation (CSRF) suggest a high probability of exploitation. It is not currently listed on the CISA KEV catalog. Monitor security advisories and threat intelligence feeds for any indications of active exploitation campaigns targeting WP shop installations.

Who Is at Risk

Organizations using WP shop plugin in their WordPress installations are at risk, particularly those running older, unpatched versions (0.0.0–2.6.1). Shared hosting environments are especially vulnerable, as they often have limited control over plugin updates and security configurations. Sites with custom themes or plugins that interact with WP shop are also at increased risk.

Detection Steps

• wordpress / composer / npm:

wp plugin list | grep wpshop

• wordpress / composer / npm:

wp plugin update --all

• wordpress / composer / npm:

grep -r 'Agence web Eoxia' /var/www/html/wp-content/plugins/

• generic web: Check for unusual files in the WordPress plugin directory (e.g., PHP files with suspicious names or content).
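The detection steps above are one-off commands. As an added example (not from the advisory and not WP shop's own tooling), the following POSIX sh helpers turn them into repeatable checks: a dotted-version comparison against the fixed release, a parser for WP-CLI's CSV plugin listing, a fallback that reads the plugin's `Version:` header when WP-CLI is unavailable, and a sweep for PHP files in a directory where none belong. The plugin slug `wpshop` and the fixed version `2.6.2` come from this page; the availability of `wp plugin list --format=csv --fields=name,status,version` on the host and the sample CSV are assumptions.

```shell
#!/bin/sh
# Added example (not from the advisory and not WP shop's own tooling): helpers that
# turn the detection steps into repeatable checks. Assumes the plugin slug "wpshop"
# (as listed on this page) and that WP-CLI can emit a CSV plugin list on the host.

WPSHOP_SLUG="wpshop"
FIXED_VERSION="2.6.2"   # first patched release named in the advisory

# version_lt A B: exit 0 when dotted version A is strictly lower than B.
# Missing components count as 0, so "2.6" < "2.6.2" and "2.10.0" > "2.6.2".
version_lt() {
    awk -v a="$1" -v b="$2" 'BEGIN {
        na = split(a, A, "."); nb = split(b, B, ".");
        n = (na > nb) ? na : nb;
        for (i = 1; i <= n; i++) {
            x = (i <= na) ? A[i] + 0 : 0;
            y = (i <= nb) ? B[i] + 0 : 0;
            if (x < y) exit 0;
            if (x > y) exit 1;
        }
        exit 1;   # equal
    }'
}

# wpshop_status: reads WP-CLI CSV on stdin, prints "vulnerable <ver>", "patched <ver>"
# or "absent", and returns 0 / 1 / 2 respectively so it can drive a cron or fleet job.
wpshop_status() {
    ver=$(awk -F, -v slug="$WPSHOP_SLUG" 'NR > 1 && $1 == slug { print $3; exit }')
    if [ -z "$ver" ]; then
        echo "absent"
        return 2
    fi
    if version_lt "$ver" "$FIXED_VERSION"; then
        echo "vulnerable $ver"
        return 0
    fi
    echo "patched $ver"
    return 1
}

# version_from_header: when WP-CLI is unavailable, read the plugin's main PHP file on
# stdin and print the "Version:" header value (the same field WP-CLI reports).
version_from_header() {
    sed -n 's/^[[:space:]]*[*]*[[:space:]]*Version:[[:space:]]*\([0-9][0-9.]*\).*/\1/p' | head -n 1
}

# php_files_in DIR: list PHP files under a directory where none belong, such as
# wp-content/uploads. A script dropped by a forged upload would show up here.
php_files_in() {
    find "$1" -type f \( -name '*.php' -o -name '*.phtml' -o -name '*.php[0-9]' \) 2>/dev/null | sort
}

# Constructed sample of WP-CLI output for the demo below (not real host data).
SAMPLE_PLUGIN_LIST='name,status,version
akismet,active,5.3
wpshop,active,2.6.1'

if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE_PLUGIN_LIST" | wpshop_status
    # On a live host, replace the sample with:
    #   wp plugin list --format=csv --fields=name,status,version | wpshop_status
fi
```

Run with `--demo` to see the sample evaluated; on a real host pipe the live WP-CLI output into `wpshop_status` and act on its exit code. The `php_files_in` sweep is only meaningful for directories that should never hold executable code, so point it at `wp-content/uploads` rather than at the plugin directory, where PHP files are expected.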

Attack Timeline

  1. Disclosure

Threat Analysis

Exploit Status

Proof of Concept: Unknown
CISA KEV: No
Internet Exposure: High

EPSS

0.09% (26th percentile)

CISA SSVC

Exploitation: none
Automatable: no
Technical Impact: total

CVSS Vector

THREAT ANALYSIS · CVSS 3.1
CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:C/C:H/I:H/A:H
9.6 CRITICAL
Attack Vector: Network (how the attacker reaches the target)
Attack Complexity: Low (conditions required for successful exploitation)
Privileges Required: None (authentication level required)
User Interaction: Required (whether a victim must perform an action)
Scope: Changed (impact beyond the vulnerable component)
Confidentiality: High (risk of sensitive data disclosure)
Integrity: High (risk of unauthorized data modification)
Availability: High (risk of service disruption)
nextguardhq.com · CVSS v3.1 base score
What do these metrics mean?
Attack Vector
Network: exploitable remotely over the Internet. No physical or local access required.
Attack Complexity
Low: no special conditions required. Reliably exploitable.
Privileges Required
None: exploitable without authentication. No credentials required.
User Interaction
Required: the victim must open a file, click a link, or visit a page.
Scope
Changed: the attack can spread beyond the vulnerable component to other systems.
Confidentiality
High: complete loss of confidentiality. The attacker can read all data.
Integrity
High: the attacker can write, modify, or delete arbitrary data.
Availability
High: complete crash or resource exhaustion. Total denial of service.

Affected Software

Component: wpshop
Vendor: Agence web Eoxia - Montpellier
Affected range: 0.0.0 – 2.6.1
Fixed in: 2.6.2

Package Information

Active installations: 60 (known)
Plugin rating: 4.5
Requires WordPress: 4.4+
Compatible up to: 6.8.5
Requires PHP: 7.4.33+

Vulnerability Classification (CWE)

Timeline

  1. Reserved
  2. Published
  3. Modified
  4. EPSS updated

Mitigation and Workarounds

The primary mitigation for CVE-2025-32576 is to immediately upgrade the WP shop plugin to version 2.6.2 or later. If upgrading is not immediately feasible due to compatibility issues or testing requirements, consider implementing temporary workarounds. These may include implementing strict input validation and sanitization on file uploads within the plugin, as well as enabling CSRF protection mechanisms at the WordPress server level. Web Application Firewalls (WAFs) can be configured to detect and block suspicious file upload requests. After upgrading, verify the fix by attempting a file upload through a web browser while observing server logs for any unauthorized activity.

How to Fix

Update the WP shop plugin to version 2.6.2 or later to mitigate the Cross-Site Request Forgery (CSRF) vulnerability that allows a web shell to be uploaded to the server. Make sure to back up your website before updating the plugin. Consult the plugin documentation for detailed update instructions.


Frequently Asked Questions

What is CVE-2025-32576 — CSRF in WP shop?

CVE-2025-32576 is a critical Cross-Site Request Forgery (CSRF) vulnerability in the WP shop WordPress plugin, allowing attackers to upload a Web Shell.

Am I affected by CVE-2025-32576 in WP shop?

You are affected if you are using WP shop versions 0.0.0 through 2.6.1. Upgrade immediately.

How do I fix CVE-2025-32576 in WP shop?

Upgrade WP shop to version 2.6.2 or later. If immediate upgrade is not possible, implement temporary workarounds like restricting file uploads.

Is CVE-2025-32576 being actively exploited?

While no active exploitation campaigns have been confirmed, the vulnerability's severity and ease of exploitation suggest a high risk of exploitation.

Where can I find the official WP shop advisory for CVE-2025-32576?

Refer to the official WP shop website and WordPress security announcements for the latest advisory and updates.
