Platform: wordpress
Component: groundhogg
Fixed in: 4.1.2
CVE-2025-4206 is an arbitrary file deletion vulnerability affecting the Groundhogg WordPress plugin, a CRM, newsletter, and marketing automation tool. An authenticated attacker with administrator privileges can exploit this flaw to delete arbitrary files on the server, potentially leading to remote code execution. This vulnerability impacts versions 0.0.0 through 4.1.1.2 of the plugin, and a patch is available.
The primary impact of CVE-2025-4206 is the potential for remote code execution. An authenticated administrator can leverage this vulnerability to delete critical files, such as wp-config.php, which contains sensitive database credentials and configuration settings. Deletion of this file would effectively disable the WordPress site and allow an attacker to potentially gain control of the server. The ability to delete arbitrary files also opens the door to other malicious activities, including data exfiltration and system compromise. This vulnerability shares similarities with other file deletion vulnerabilities where the deletion of key configuration files can lead to complete system takeover.
CVE-2025-4206 is currently not listed in the CISA KEV catalog. The EPSS score is pending evaluation. Proof-of-concept (PoC) code is not yet publicly available, but the vulnerability's nature makes it likely that a PoC will be developed. The vulnerability was publicly disclosed on 2025-05-09.
Websites utilizing Groundhogg plugin versions 0.0.0 through 4.1.1.2 are at risk, particularly those with administrator accounts that have weak passwords or have been compromised. Shared hosting environments where WordPress installations share resources and user permissions are also at increased risk, as a compromise of one site could potentially lead to the compromise of others.
• wordpress / composer / npm:
  grep -r 'process_export_delete' /var/www/html/wp-content/plugins/groundhogg/
• wordpress / composer / npm:
  wp plugin list --status=active | grep groundhogg
• wordpress / composer / npm:
  curl -I https://your-wordpress-site.com/wp-content/plugins/groundhogg/ | grep -i 'process_export_delete'
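The commands above show that the plugin is present, not whether the installed copy is in the affected range. The following added example (not from the original page or the Groundhogg project) reads the version from the plugin header and compares it numerically against the fixed version 4.1.2, so that 4.1.1.2 correctly sorts below 4.1.2. The main file name groundhogg.php and all function names are assumptions.

```shell
#!/bin/sh
# Added example: is an installed Groundhogg copy below the fixed version?
FIXED_VERSION="4.1.2"   # "Fixed in" value from this advisory

# Print the Version: field from a WordPress plugin header file.
plugin_version() {
    sed -n 's/^[[:space:]*#]*Version:[[:space:]]*\([0-9][0-9.]*\).*$/\1/p' "$1" | head -n 1
}

# Return 0 if dotted version $1 is strictly lower than $2.
# Components are compared as numbers; missing components count as 0.
version_lt() {
    a=$1 b=$2
    while [ -n "$a" ] || [ -n "$b" ]; do
        x=${a%%.*}; y=${b%%.*}
        [ "$a" = "$x" ] && a= || a=${a#*.}
        [ "$b" = "$y" ] && b= || b=${b#*.}
        x=${x:-0}; y=${y:-0}
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
    done
    return 1   # equal versions are not "lower"
}

# 0 = affected (below FIXED_VERSION), 1 = patched, 2 = version not found.
groundhogg_affected() {
    v=$(plugin_version "$1" 2>/dev/null)
    [ -n "$v" ] || return 2
    version_lt "$v" "$FIXED_VERSION"
}

# Usage (file name is an assumption):
#   sh check.sh /var/www/html/wp-content/plugins/groundhogg/groundhogg.php
for f in "$@"; do
    rc=0
    groundhogg_affected "$f" || rc=$?
    case $rc in
        0) echo "$f: AFFECTED (version $(plugin_version "$f") < $FIXED_VERSION)" ;;
        1) echo "$f: patched (version $(plugin_version "$f"))" ;;
        *) echo "$f: no Version header found" ;;
    esac
done
```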
EPSS: 5.71% (90th percentile)
The immediate mitigation for CVE-2025-4206 is to upgrade Groundhogg to a patched version as soon as it becomes available. If upgrading is not immediately feasible, restrict administrator access to the plugin's export and import functionalities. Implement a Web Application Firewall (WAF) rule to block requests to the process_export_delete and process_import_delete endpoints. Regularly review file permissions on the WordPress installation to ensure that only authorized users have write access to sensitive files. Monitor WordPress logs for suspicious file deletion attempts. After upgrading, confirm the fix by attempting to access the vulnerable endpoints with an administrator account and verifying that file deletion is prevented.
Update the Groundhogg plugin to the latest available version to fix the arbitrary file deletion vulnerability. This update corrects the lack of proper file path validation, preventing authenticated attackers from deleting sensitive files on the server, such as wp-config.php.
CVE-2025-4206 is a vulnerability in Groundhogg WordPress plugin allowing authenticated administrators to delete arbitrary files, potentially leading to remote code execution.
You are affected if you are using Groundhogg versions 0.0.0 through 4.1.1.2. Upgrade immediately to a patched version.
Upgrade Groundhogg to the latest available version. Monitor the Groundhogg website and WordPress plugin repository for updates.
There is no confirmed active exploitation at this time, but the vulnerability's simplicity suggests it may be exploited soon.
Check the Groundhogg website and the WordPress plugin repository for the official advisory and patch information.