Platform: wordpress
Component: wp-db-booster
Fixed in: 1.0.2
CVE-2025-14168 describes a Cross-Site Request Forgery (CSRF) vulnerability affecting the WP DB Booster plugin for WordPress. This flaw allows unauthenticated attackers to potentially delete critical database records, including post drafts, revisions, comments, and metadata. The vulnerability impacts versions 1.0.0 through 1.0.1, and a patch is expected to be released by the plugin developer.
The impact of this CSRF vulnerability is significant, particularly for WordPress sites relying on the WP DB Booster plugin for database optimization. An attacker who can trick a site administrator into clicking a malicious link can trigger actions that delete essential data. This could lead to data loss, disruption of site functionality, and potential defacement. The attacker does not need to authenticate to exploit the vulnerability, making it easier to execute. The ability to delete post drafts and revisions could hinder content creation and recovery efforts.
This vulnerability was publicly disclosed on 2025-12-20. There are currently no known public proof-of-concept exploits available. The CVSS score of 4.3 (Medium) indicates a moderate risk. It is not currently listed on the CISA KEV catalog. Active exploitation is not confirmed at this time, but the ease of exploitation warrants monitoring.
WordPress sites utilizing the WP DB Booster plugin, particularly those with site administrators who are susceptible to social engineering attacks, are at risk. Shared hosting environments where multiple WordPress sites share the same server resources could also be affected, as an attacker could potentially exploit the vulnerability on one site to impact others.
Detection checks (wordpress / composer / npm):
• Look for the vulnerable AJAX action in the installed plugin's code:
  grep -r 'cleanup_all' /var/www/html/wp-content/plugins/wp-db-booster/
• List the plugin's install status with WP-CLI:
  wp plugin list --status=inactive | grep 'wp-db-booster'
• Check whether the AJAX endpoint answers for the action:
  curl -I 'https://your-wordpress-site.com/wp-admin/admin-ajax.php?action=cleanup_all' | grep '200 OK'
Disclosure
Exploit status
EPSS: 0.02% (3rd percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-14168 is to upgrade to a patched version of the WP DB Booster plugin as soon as it becomes available. Until a patch is released, consider implementing temporary workarounds. These might include restricting access to the cleanup_all AJAX action using a web application firewall (WAF) or a proxy server that filters requests. Implementing strict input validation and output encoding on all user-supplied data can also help reduce the attack surface. Monitor WordPress logs for suspicious activity related to the plugin's AJAX endpoints. After upgrading, confirm the vulnerability is resolved by attempting a crafted CSRF request and verifying that it is blocked.
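One way to restrict the cleanup_all AJAX action while waiting for the fix is a must-use plugin that refuses the action unless it comes from a logged-in administrator and carries a same-origin Origin or Referer header. This is an added example written for this advisory, not code from the WP DB Booster plugin; the plugin name, function names and the guarded action list are assumptions, and only "cleanup_all" is taken from the advisory.

```php
<?php
/**
 * Plugin Name: Temporary guard for WP DB Booster cleanup_all (CVE-2025-14168)
 * Description: Hypothetical must-use plugin (drop into wp-content/mu-plugins/).
 *              Blocks cross-site and anonymous requests to the cleanup_all
 *              AJAX action until the plugin itself is updated.
 */

// Constructed list of AJAX actions to guard; only 'cleanup_all' comes from the advisory.
const WPDBB_GUARDED_ACTIONS = array( 'cleanup_all' );

/**
 * True when the request's Origin (or, failing that, Referer) header names this
 * site's host. A missing header is treated as cross-site and therefore refused.
 */
function wpdbb_guard_is_same_origin( array $server, string $site_host ): bool {
    $source = $server['HTTP_ORIGIN'] ?? $server['HTTP_REFERER'] ?? '';
    if ( '' === $source ) {
        return false;
    }
    $host = wp_parse_url( $source, PHP_URL_HOST );
    return is_string( $host ) && strtolower( $host ) === strtolower( $site_host );
}

/**
 * Decide whether the current admin-ajax request must be refused.
 */
function wpdbb_guard_should_block( array $request, array $server, string $site_host ): bool {
    $action = $request['action'] ?? '';
    if ( ! in_array( $action, WPDBB_GUARDED_ACTIONS, true ) ) {
        return false; // not a guarded action, let WordPress dispatch it normally
    }
    // Anonymous callers never get to run a destructive cleanup.
    if ( ! current_user_can( 'manage_options' ) ) {
        return true;
    }
    // An administrator's browser is only trusted when the request originates here.
    return ! wpdbb_guard_is_same_origin( $server, $site_host );
}

// admin_init fires in admin-ajax.php before the wp_ajax_* handlers are dispatched.
add_action( 'admin_init', function () {
    if ( ! wp_doing_ajax() ) {
        return;
    }
    $site_host = (string) wp_parse_url( home_url(), PHP_URL_HOST );
    if ( wpdbb_guard_should_block( $_REQUEST, $_SERVER, $site_host ) ) {
        error_log( 'CVE-2025-14168 guard: blocked cleanup_all request from '
            . ( $_SERVER['REMOTE_ADDR'] ?? 'unknown' ) );
        wp_die( 'Forbidden', 'Forbidden', array( 'response' => 403 ) );
    }
}, 1 );
```

The Origin/Referer check is a stopgap only: the proper fix belongs in the plugin's handler (a nonce verified with check_ajax_referer() plus a capability check), and sites that strip Referer headers for privacy will see legitimate admin requests refused until the plugin is updated and this guard is removed.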
No known patch available. Please review the vulnerability details thoroughly and apply mitigations based on your organization's risk appetite. It may be best to uninstall the affected software and find an alternative.
CVE-2025-14168 is a Cross-Site Request Forgery (CSRF) vulnerability in the WP DB Booster plugin for WordPress versions 1.0.0–1.0.1, allowing attackers to delete database records via forged requests.
If you are using the WP DB Booster plugin in versions 1.0.0 through 1.0.1, you are potentially affected by this vulnerability. Check your plugin versions immediately.
Upgrade to the latest version of the WP DB Booster plugin as soon as a patch is released. Until then, consider implementing WAF rules or restricting access to the vulnerable AJAX action.
Active exploitation is not currently confirmed, but the vulnerability's ease of exploitation warrants monitoring and proactive mitigation.
Refer to the WP DB Booster plugin's official website or WordPress plugin repository for updates and advisories related to CVE-2025-14168.