Platform: wordpress
Component: wp-user-frontend-pro
Fixed in: 4.1.4
CVE-2025-3055 describes an arbitrary file access vulnerability discovered in the WP User Frontend Pro plugin for WordPress. This flaw allows authenticated attackers, even those with Subscriber-level access, to delete files on the server. The most severe impact arises from the potential to delete critical configuration files like wp-config.php, leading to remote code execution. The vulnerability affects versions 0.0.0 through 4.1.3, and a patch is available in version 4.1.4.
The core of the vulnerability lies in the deleteavatarajax() function, which lacks proper file path validation. An attacker can craft a malicious request to delete any file the web server user has write access to. While deleting avatar images might seem trivial, the ability to delete wp-config.php is a critical escalation path. Deleting wp-config.php effectively disables the WordPress site and allows an attacker to potentially upload a malicious PHP script, granting them complete control over the server. This is a classic attack vector for gaining persistent access and deploying malware. The ease of exploitation, combined with the potential for complete server compromise, makes this a high-priority vulnerability.
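The missing check described above is the confinement of the deletion target to the user's own avatar inside the uploads directory. The handler below is an added example written for this page, not the plugin's own code: the action name `hyp_delete_avatar`, the user-meta key `hyp_avatar` and the `hyp-avatars` sub-directory are assumptions, while the WordPress functions it calls (`check_ajax_referer`, `wp_upload_dir`, `wp_delete_file`, `wp_send_json_error`) are real core APIs.

```php
<?php
// Added example (not the plugin's code): a hardened AJAX avatar-deletion
// handler showing the path validation the advisory says was missing.
// 'hyp_delete_avatar', the 'hyp_avatar' meta key and 'hyp-avatars' are assumed names.

add_action( 'wp_ajax_hyp_delete_avatar', 'hyp_delete_avatar_handler' );

/**
 * Resolve $candidate and return its real path only if it lies inside $base_dir.
 * Returns false for traversal sequences, symlinks escaping the base, or missing files.
 */
function hyp_path_inside( $base_dir, $candidate ) {
    $base = realpath( $base_dir );
    $real = realpath( $candidate );
    if ( false === $base || false === $real ) {
        return false;
    }
    $base = rtrim( $base, DIRECTORY_SEPARATOR ) . DIRECTORY_SEPARATOR;
    // strpos() === 0 means the resolved path starts with the base-directory prefix.
    return 0 === strpos( $real, $base ) ? $real : false;
}

function hyp_delete_avatar_handler() {
    // 1. CSRF protection: the request must carry a valid nonce for this action.
    check_ajax_referer( 'hyp_delete_avatar', 'nonce' );

    $user = wp_get_current_user();
    if ( 0 === $user->ID ) {
        wp_send_json_error( 'not logged in', 401 );
    }

    // 2. Never take a path from the request. The only file a user may remove
    //    is the avatar recorded for their own account in user meta.
    $stored = get_user_meta( $user->ID, 'hyp_avatar', true );
    if ( empty( $stored ) ) {
        wp_send_json_error( 'no avatar on file', 404 );
    }

    // 3. Confine the deletion to the avatar directory under wp-content/uploads.
    //    basename() drops any directory component that may have been stored.
    $uploads    = wp_upload_dir();
    $avatar_dir = trailingslashit( $uploads['basedir'] ) . 'hyp-avatars';
    $target     = hyp_path_inside( $avatar_dir, $avatar_dir . '/' . basename( $stored ) );
    if ( false === $target ) {
        wp_send_json_error( 'invalid avatar path', 400 );
    }

    // 4. Only image files are ever deleted, so wp-config.php can never match.
    $ext = strtolower( pathinfo( $target, PATHINFO_EXTENSION ) );
    if ( ! in_array( $ext, array( 'jpg', 'jpeg', 'png', 'gif', 'webp' ), true ) ) {
        wp_send_json_error( 'unexpected file type', 400 );
    }

    wp_delete_file( $target );
    delete_user_meta( $user->ID, 'hyp_avatar' );
    wp_send_json_success( 'avatar removed' );
}
```

The design point is that the request never names a file at all: the server looks up which file belongs to the caller, resolves it with `realpath()`, and refuses anything outside the avatar directory or outside an image-extension allow-list, so a Subscriber can only ever remove their own avatar.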
This vulnerability was publicly disclosed on 2025-06-05. While no active exploitation campaigns have been publicly confirmed, the ease of exploitation and the potential for RCE make it a likely target. The vulnerability is not currently listed on the CISA KEV catalog. Public proof-of-concept exploits are expected to emerge quickly given the vulnerability's nature.
WordPress sites utilizing the WP User Frontend Pro plugin, particularly those with a large number of users with Subscriber or higher roles, are at significant risk. Shared hosting environments where users have limited control over server file permissions are also particularly vulnerable. Sites relying on older, unpatched versions of the plugin are most exposed.
• wordpress / composer / npm: search the installed plugin source for the affected handler
grep -r 'delete_avatar_ajax' /var/www/html/wp-content/plugins/wp-user-frontend-pro/
• wordpress / composer / npm: list the plugin with its activation status and version (an active install below 4.1.4 is exposed)
wp plugin list --name=wp-user-frontend-pro --fields=name,status,version
• wordpress / composer / npm: print only the installed version for comparison against the fixed release 4.1.4
wp plugin get wp-user-frontend-pro --field=version
Disclosure
Exploit status
EPSS
2.19% (84th percentile)
CISA SSVC
CVSS vector
The primary mitigation is to immediately upgrade the WP User Frontend Pro plugin to version 4.1.4 or later. If upgrading is not immediately feasible due to compatibility issues or breaking changes, consider restricting file write permissions for the web server user to only the necessary directories. Implement a Web Application Firewall (WAF) rule to block requests containing suspicious file paths or attempts to access sensitive files like wp-config.php. Regularly review file permissions and ensure that the WordPress installation follows security best practices. After upgrading, verify the fix by attempting to delete a non-avatar file via the plugin's AJAX endpoint; the request should be rejected.
Update the WP User Frontend Pro plugin to version 4.1.4 or later to fix the arbitrary file deletion vulnerability. This update corrects the missing validation of file paths, preventing authenticated attackers from deleting sensitive files on the server such as wp-config.php.
CVE-2025-3055 is a HIGH severity vulnerability allowing authenticated WordPress users to delete arbitrary files, potentially leading to remote code execution via deletion of wp-config.php. It affects versions 0.0.0–4.1.3.
You are affected if your WordPress site uses WP User Frontend Pro version 0.0.0 through 4.1.3. Check your plugin version and upgrade immediately if vulnerable.
Upgrade the WP User Frontend Pro plugin to version 4.1.4 or later to remediate the vulnerability. Consider temporary mitigations like WAF rules if immediate upgrade is not possible.
While no active exploitation has been confirmed, the vulnerability's simplicity suggests it is likely to be targeted. Monitor your systems closely.
Refer to the official WP User Frontend Pro website and WordPress plugin repository for the latest advisory and update information.