Platform
wordpress
Component
javo-core
Fixed in
3.0.1
CVE-2025-0177 is a critical privilege escalation vulnerability affecting the Javo Core plugin for WordPress. This flaw allows unauthenticated attackers to elevate their privileges to administrator level by simply creating a new user account. The vulnerability impacts versions 0 through 3.0.0.080 of the plugin. A patch is expected from the vendor.
The impact of CVE-2025-0177 is severe. Successful exploitation grants an attacker full administrative access to the WordPress site, including the ability to modify content, install malicious plugins, steal sensitive data (user credentials, database contents) and potentially pivot to other systems on the network. The ease of exploitation (simply creating a new account) significantly increases the risk of compromise, especially for sites with weak security practices or those running older, unpatched versions of WordPress and the Javo Core plugin. The flaw is analogous to other WordPress privilege escalation vulnerabilities in which improper role assignment controls are abused.
CVE-2025-0177 was publicly disclosed on 2025-03-08. While no public proof-of-concept (PoC) has been released, the simplicity of the vulnerability suggests a high probability of exploitation. The vulnerability is not currently listed on the CISA KEV catalog. Active campaigns targeting WordPress plugins are common, so this vulnerability is likely to be targeted.
WordPress websites using the Javo Core plugin, particularly those with default or weak security configurations, are at significant risk. Shared hosting environments where multiple websites share the same server infrastructure are also vulnerable, as a compromise of one site could potentially lead to the compromise of others.
Detection and remediation commands (wordpress / composer / npm):
• wp plugin list | grep javo-core
• wp plugin update javo-core
• wp plugin status javo-core
• wp user list --field=role
• wp user list --role=administrator
EPSS
0.73% (73rd percentile)
The primary mitigation for CVE-2025-0177 is to upgrade the Javo Core plugin to a version that addresses the vulnerability. If immediate upgrading is not possible due to compatibility issues or breaking changes, consider temporarily restricting new user registration or implementing stricter role assignment policies. WordPress administrators should review user accounts and remove any suspicious accounts with elevated privileges. Web application firewalls (WAFs) can be configured to block requests associated with account creation attempts that exhibit malicious patterns. Monitor WordPress logs for unusual account creation activity.
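The account review recommended above can be scripted on top of the advisory's own WP-CLI commands. The following is an added example, not code from this advisory or from the Javo Core project; it assumes WP-CLI is installed for live use, and the CSV sample embedded here is constructed rather than real data. It flags administrator accounts registered on or after the 2025-03-08 disclosure date.

```shell
#!/bin/sh
# Added example (not from the advisory or the Javo Core project): audit
# WordPress administrator accounts registered on or after the CVE-2025-0177
# disclosure date, using the CSV that WP-CLI emits. Assumes wp-cli is
# installed when run against a live site.

DISCLOSURE_DATE="2025-03-08"

# Read CSV (ID,user_login,user_registered) on stdin and print every row whose
# registration date is on or after $1. The header row is skipped.
flag_recent_admins() {
    awk -F, -v since="$1" '
        NR == 1 { next }                       # skip the CSV header
        {
            split($3, ts, " ")                  # "2025-03-09 03:12:41" -> date, time
            if (ts[1] >= since) print $0        # ISO dates compare correctly as strings
        }'
}

# Constructed sample output standing in for the live WP-CLI call; not real data.
SAMPLE_CSV='ID,user_login,user_registered
1,siteowner,2021-06-01 09:15:00
42,editor_bob,2024-11-20 13:00:00
77,wpadm1n,2025-03-09 03:12:41
78,support,2025-04-02 18:45:10'

# Live usage:
#   wp user list --role=administrator --fields=ID,user_login,user_registered \
#       --format=csv | flag_recent_admins "$DISCLOSURE_DATE"
# Demo on the constructed sample:
if [ "${1:-}" = "--demo" ]; then
    printf '%s\n' "$SAMPLE_CSV" | flag_recent_admins "$DISCLOSURE_DATE"
fi
```

Any account the script prints should be verified against the site's own change records before it is removed; a legitimate administrator created after the disclosure date will also appear.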
Update the Javo Core plugin to a fixed version. The vulnerability allows unauthenticated users to assign themselves administrator roles, so applying the update is essential to mitigate the risk of privilege escalation.
CVE-2025-0177 is a critical vulnerability in the Javo Core WordPress plugin that allows unauthenticated attackers to gain administrator privileges by creating new user accounts, granting them full control over the website.
If you are using Javo Core plugin versions 0 through 3.0.0.080, you are potentially affected by this vulnerability. Check your plugin version and upgrade as soon as a patch is available.
The recommended fix is to upgrade to a patched version of the Javo Core plugin. Until a patch is released, disable user registration or implement a WAF to block suspicious account creation attempts.
While active exploitation is not yet confirmed, the vulnerability's critical severity and ease of exploitation suggest it is likely to be targeted soon. Monitor security advisories and threat intelligence feeds.
Refer to the Javo Core plugin's official website or WordPress plugin repository for the latest security advisory and patch information.