Platform: wordpress
Component: wolf
Fixed in: 1.0.9
CVE-2025-24605 describes a Path Traversal vulnerability discovered in the WOLF bulk-editor, a WordPress plugin. This vulnerability allows unauthorized access to sensitive files on the server. Versions of WOLF bulk-editor from 0.0.0 up to and including 1.0.8.5 are affected. A patch is available in version 1.0.9.
The Path Traversal vulnerability in WOLF bulk-editor enables an attacker to bypass intended access restrictions and retrieve arbitrary files from the server's file system. This could include configuration files containing database credentials, source code exposing sensitive logic, or other confidential data. Successful exploitation could lead to complete compromise of the WordPress instance and potentially the underlying server. The attacker could gain access to user data, modify website content, or even execute arbitrary code if the retrieved files contain executable scripts.
CVE-2025-24605 was publicly disclosed on 2025-02-03. Currently, there are no known public exploits or active campaigns targeting this vulnerability. The EPSS score is pending evaluation. Monitor security advisories and threat intelligence feeds for any updates regarding exploitation attempts.
WordPress websites utilizing the WOLF bulk-editor plugin, particularly those running older versions (0.0.0 - 1.0.8.5), are at risk. Shared hosting environments where plugin updates are managed by the hosting provider should also be monitored to ensure timely patching.
• wordpress / composer / npm:
grep -rF "../" /var/www/html/wp-content/plugins/wolf-bulk-editor/
• generic web:
curl -I --path-as-is http://your-wordpress-site.com/wp-content/plugins/wolf-bulk-editor/../../../../etc/passwd
EPSS: 0.09% (25th percentile)
The primary mitigation for CVE-2025-24605 is to immediately upgrade the WOLF bulk-editor plugin to version 1.0.9 or later. If upgrading is not immediately feasible due to compatibility issues or testing requirements, consider implementing temporary workarounds. These may include restricting file access permissions on the server, using a Web Application Firewall (WAF) to block requests containing path traversal attempts (e.g., '../' sequences), and carefully reviewing the plugin's code for any other potential vulnerabilities. After upgrading, verify the fix by attempting to access files outside the intended directory through the plugin's interface.
Update the WOLF plugin to a fixed version. See the plugin's release notes or the developer's website for more information about available versions and update instructions.
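A WAF or log rule that matches only the literal '../' string misses percent-encoded forms of the same sequence. The following added example (not code from the plugin or from this advisory) scans access-log lines for traversal sequences after repeated percent-decoding; the combined log format, the decode limit and all sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote

# Matches the client IP, request target and status of a combined-format log line.
REQUEST_RE = re.compile(
    r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})'
)
MAX_DECODE_ROUNDS = 3  # assumption: enough to unwrap double-encoded input


def fully_decode(value: str) -> str:
    """Percent-decode repeatedly so single- and double-encoded input converge."""
    for _ in range(MAX_DECODE_ROUNDS):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def has_traversal(target: str) -> bool:
    """True if any path or query component is exactly '..' after decoding."""
    decoded = fully_decode(target).replace("\\", "/")
    return ".." in re.split(r"[/?&=]", decoded)


def scan(lines):
    """Return (ip, status, target) for every request carrying a traversal sequence."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if m and has_traversal(m.group("target")):
            hits.append((m.group("ip"), m.group("status"), m.group("target")))
    return hits


# Constructed sample log lines (documentation IP ranges, not real traffic).
PLUGIN = "/wp-content/plugins/wolf-bulk-editor/"
SAMPLE_LOG = [
    f'192.0.2.10 - - [03/Feb/2025:10:00:00 +0000] "GET {PLUGIN}readme.txt HTTP/1.1" 200 512',
    f'198.51.100.7 - - [03/Feb/2025:10:00:01 +0000] "GET {PLUGIN}../../../../etc/passwd HTTP/1.1" 404 0',
    f'198.51.100.7 - - [03/Feb/2025:10:00:02 +0000] "GET {PLUGIN}%2e%2e%2f%2e%2e%2fetc/passwd HTTP/1.1" 404 0',
    f'203.0.113.9 - - [03/Feb/2025:10:00:03 +0000] "GET {PLUGIN}%252e%252e%252fetc/passwd HTTP/1.1" 400 0',
    '192.0.2.10 - - [03/Feb/2025:10:00:04 +0000] "GET /wp-content/uploads/notes..v2.txt HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    for ip, status, target in scan(SAMPLE_LOG):
        print(f"{ip} status={status} {target}")
```

Components are compared for an exact '..' match, so a file name that merely contains two dots (the last sample line) is not flagged.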
CVE-2025-24605 is a Path Traversal vulnerability affecting the WOLF bulk-editor WordPress plugin, allowing attackers to access arbitrary files on the server.
You are affected if you are using WOLF bulk-editor versions 0.0.0 through 1.0.8.5. Upgrade to 1.0.9 or later to mitigate the risk.
Upgrade the WOLF bulk-editor plugin to version 1.0.9 or later. If upgrading is not possible, restrict access to the plugin directory and implement WAF rules.
As of now, there are no confirmed reports of active exploitation, but the vulnerability's nature suggests potential for future attacks.
Refer to the plugin developer's website or WordPress plugin repository for the official advisory and update information.