Platform
wordpress
Component
fw-food-menu
Fixed in
6.0.1
CVE-2025-49447 is an Arbitrary File Access vulnerability in the FW Food Menu WordPress plugin by Fastw3b LLC. The plugin does not enforce its intended restrictions on uploaded files, so an unauthorized user can upload a file of any type to the server. All versions of FW Food Menu before 6.0.1 are affected; the fix is in version 6.0.1.
Unrestricted upload into a PHP application is about as severe as a web vulnerability gets. An attacker can upload a PHP web shell and, if the server executes files in the upload location, run arbitrary commands with the privileges of the web server account. That amounts to full compromise of the site: configuration, content and user data can be read, modified or deleted, and the host becomes a foothold for lateral movement to other systems on the same network. Because the flaw places no limit on file type, the attacker is not constrained to any particular payload.
CVE-2025-49447 was published on 2025-06-17. Its CVSS base score of 10 (CRITICAL) reflects maximum severity; it is not a probability of exploitation, which the EPSS figure below (0.10%, 29th percentile) estimates separately. Unrestricted upload bugs are usually trivial to exploit, so public proof-of-concept code may appear. Monitor security advisories and threat-intelligence feeds for reports of exploitation, and consult the NVD entry and CISA's Known Exploited Vulnerabilities catalog for updates.
Exploit status
EPSS
0.10% (29th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-49447 is to upgrade FW Food Menu to version 6.0.1 or later immediately. If that is not possible right away, reduce the exposure with interim controls. The most effective is to stop the web server from executing scripts in the upload location (for example, deny requests for .php files under wp-content/uploads), so an uploaded shell is served as inert content rather than run. Enforce an explicit allowlist of file types with server-side validation; client-side checks offer no protection. File-size limits are worth keeping but do not stop a web shell, which can be a single line. A Web Application Firewall can block obvious upload attempts, but treat it as defence in depth, not a fix. Monitor the upload directories for files that should not be there, in particular anything with a script extension or PHP code in its content. After upgrading, confirm the fix on a staging copy or with authorization: attempt to upload a test file with a dangerous extension such as .php and verify that the plugin rejects it, and that any file which does land in the uploads directory is not executed.
Update the FW Food Menu plugin to the latest available version to fix the arbitrary file upload vulnerability. Check for available updates in the WordPress admin panel or through the WordPress plugin repository. Make sure to take a full backup of your website before applying any update.
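A concrete form of the "monitor the upload directories" step above, added here as an example and not code from Fastw3b LLC or the FW Food Menu plugin: a POSIX shell scan of a WordPress uploads tree that flags script extensions (including double extensions), dropped .htaccess or .user.ini files, and PHP open tags hidden behind harmless-looking extensions. The directory layout and sample files are constructed for the demo; the paths and the `scan_uploads` name are this example's own.

```shell
#!/bin/sh
# Added example: scan a WordPress uploads tree for files that should never be there.
# Not part of the FW Food Menu plugin; the demo files below are constructed for this page.
#
# Flags three things a successful arbitrary upload typically leaves behind:
#   1. a server-side script extension anywhere in the name (shell.php, but also
#      double extensions such as photo.php.jpg that some server setups still execute)
#   2. a .htaccess or .user.ini dropped into uploads to re-enable script execution
#   3. a PHP open tag in the first 512 bytes, whatever the extension says
# Output: one "<reason><TAB><path>" line per finding; exit status 1 if anything was found.

check_file() {
    f="$1"
    base="${f##*/}"
    if printf '%s\n' "$base" | grep -Eiq '\.(php[0-9]?|phtml|phar|phps|pht)(\.|$)'; then
        printf 'script-extension\t%s\n' "$f"
    elif printf '%s\n' "$base" | grep -Eq '^(\.htaccess|\.user\.ini)$'; then
        printf 'server-config\t%s\n' "$f"
    elif head -c 512 "$f" | grep -aqE '<\?(php|=)'; then
        printf 'php-tag-in-content\t%s\n' "$f"
    fi
}

scan_uploads() {
    # The while loop runs in a subshell, so findings are collected through the
    # command substitution rather than a counter variable.
    out=$(find "$1" -type f | while IFS= read -r f; do check_file "$f"; done | sort)
    if [ -z "$out" ]; then
        return 0
    fi
    printf '%s\n' "$out"
    return 1
}

make_demo_uploads() {
    # Constructed sample tree mimicking wp-content/uploads/YYYY/MM; nothing here is malicious.
    d=$(mktemp -d)
    mkdir -p "$d/2025/06"
    printf '\377\330\377\340JFIF' > "$d/2025/06/menu.jpg"                    # benign JPEG header
    printf '<?php echo "sample"; ?>\n' > "$d/2025/06/shell.php"              # script extension
    printf '\377\330\377\340JFIF' > "$d/2025/06/photo.php.jpg"               # double extension
    printf 'price list\n<?php echo 1; ?>\n' > "$d/2025/06/notes.txt"         # PHP tag behind .txt
    printf 'AddType application/x-httpd-php .jpg\n' > "$d/2025/06/.htaccess" # re-enables execution
    printf 'plain text only\n' > "$d/2025/06/readme.txt"                     # benign
    printf '%s' "$d"
}

# Stand-alone run against the demo tree. For a real site, call for example:
#   scan_uploads /var/www/html/wp-content/uploads
demo=$(make_demo_uploads)
scan_uploads "$demo" || echo "findings present (exit status 1)"
rm -rf "$demo"
```

On the demo tree the scan reports shell.php, photo.php.jpg, notes.txt and .htaccess and leaves menu.jpg and readme.txt alone. Run it from cron or a file-integrity job and alert on a non-zero exit; a hit in uploads is a strong indicator that the upload path was abused even if the plugin has since been patched.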
It's a critical Arbitrary File Access vulnerability in Fastw3b LLC's FW Food Menu, allowing attackers to upload malicious files.
If you're using FW Food Menu versions prior to 6.0.1, you are vulnerable. Check your installation immediately.
Upgrade to FW Food Menu version 6.0.1 or later. Implement temporary workarounds like file type restrictions if immediate upgrade isn't possible.
While no active campaigns are currently known, the vulnerability's severity and ease of exploitation suggest it's a potential target.
Refer to the official Fastw3b LLC advisory (if available) and the NVD entry for CVE-2025-49447 for detailed information.