Platform: wordpress
Component: elementor
Fixed in: 3.30.3
CVE-2025-8081 addresses an Arbitrary File Read vulnerability discovered in the Elementor Website Builder plugin for WordPress. The vulnerability resides within the Import_Images::import() function, where insufficient controls on the filename specified allow authenticated attackers with administrator-level access to read arbitrary files on the server. This vulnerability affects versions of the Elementor plugin up to and including 3.30.2 and has been resolved in version 3.30.3.
An authenticated attacker, possessing administrator privileges within the WordPress environment, can exploit this vulnerability to read arbitrary files on the server. This includes potentially sensitive configuration files, database credentials, or other data that could compromise the security and integrity of the website. The attacker does not need to upload any malicious files; they can simply manipulate the filename parameter within the Import_Images::import() function to specify the file they wish to read. The potential impact ranges from information disclosure to complete server compromise, depending on the files accessed.
CVE-2025-8081 was published on 2025-08-12 and has a CVSS score of 4.9 (MEDIUM). Public proof-of-concept (POC) exploits are likely to emerge given the relatively straightforward nature of the exploit. Monitor WordPress security forums and vulnerability databases for any updates. The vulnerability requires administrator privileges, limiting the potential attack surface.
Websites utilizing Elementor Website Builder, particularly those with shared hosting environments or legacy WordPress configurations, are at increased risk. WordPress installations with weak password policies or compromised administrator accounts are especially vulnerable. Sites relying on Elementor for critical functionality or handling sensitive user data face a higher potential impact from a successful exploit.
• wordpress / composer / npm:
grep -r "Import_Images::import()" /var/www/html/wp-content/plugins/elementor/
• generic web:
curl -I "https://your-wordpress-site.com/wp-content/plugins/elementor/import_images.php?file=/etc/passwd"
• wordpress / composer / npm:
wp plugin list --status=active | grep elementor
• wordpress / composer / npm:
wp plugin update elementor
EPSS: 0.07% (21st percentile)
The primary mitigation for CVE-2025-8081 is to update the Elementor plugin to version 3.30.3 or later. As a temporary workaround, restrict file upload permissions to prevent attackers from uploading files they can then use to trigger the vulnerability. Implement strict input validation and sanitization on all user-supplied data, particularly filenames, to prevent malicious manipulation. Regularly review WordPress plugin security updates and apply them promptly. After upgrade, confirm by attempting to access a non-existent file through the import functionality and verifying that access is denied.
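An added example (not from the original advisory or the Elementor project) that turns the `wp plugin list` check into a pass/fail audit against the fixed release 3.30.3. The function names and the sample CSV are constructed for illustration; the `--fields` and `--format=csv` options are standard WP-CLI.

```shell
#!/bin/sh
# Added example: flag Elementor installs older than the fixed release.
FIXED_VERSION="3.30.3"   # "Fixed in" value from the advisory

# version_lt A B: succeeds when dotted version A is lower than B.
# Compares the first three numeric fields; suffixes such as "-beta1" are ignored.
version_lt() {
  a=$1 b=$2 n=0
  while [ "$n" -lt 3 ]; do
    x=${a%%.*}; x=${x%%[!0-9]*}
    y=${b%%.*}; y=${y%%[!0-9]*}
    [ "${x:-0}" -lt "${y:-0}" ] && return 0
    [ "${x:-0}" -gt "${y:-0}" ] && return 1
    case $a in *.*) a=${a#*.} ;; *) a=0 ;; esac
    case $b in *.*) b=${b#*.} ;; *) b=0 ;; esac
    n=$((n + 1))
  done
  return 1
}

# elementor_status VERSION: prints "vulnerable" or "patched".
elementor_status() {
  if version_lt "$1" "$FIXED_VERSION"; then echo vulnerable; else echo patched; fi
}

# audit_plugin_csv: reads "name,version" CSV on stdin, as produced by
#   wp plugin list --status=active --fields=name,version --format=csv
# Only the exact slug "elementor" is checked; "elementor-pro" is a separate
# plugin with its own version numbers and would also match a plain grep.
audit_plugin_csv() {
  while IFS=, read -r name version; do
    [ "$name" = "elementor" ] || continue
    echo "elementor $version $(elementor_status "$version")"
  done
}

# Constructed sample output (not from a real site).
SAMPLE_CSV='name,version
akismet,5.3
elementor-pro,3.29.0
elementor,3.9.10'

printf '%s\n' "$SAMPLE_CSV" | audit_plugin_csv   # elementor 3.9.10 vulnerable
```

The numeric field comparison matters here: a plain string comparison would rank 3.9.10 above 3.30.3 and report it as patched.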
Update the Elementor plugin to version 3.30.3 or later to mitigate the arbitrary file read vulnerability. This update corrects the missing validation of the filename during image import, preventing unauthorized access to sensitive files on the server.
CVE-2025-8081 is a vulnerability in Elementor allowing authenticated administrators to read arbitrary files on the server. It affects versions 0.0.0–3.30.2 and has a CVSS score of 4.9 (MEDIUM).
You are affected if you are using Elementor Website Builder versions 0.0.0 through 3.30.2. Check your plugin version and upgrade if necessary.
Upgrade Elementor Website Builder to version 3.30.3 or later to resolve the vulnerability. Consider temporary workarounds like restricting file permissions if immediate upgrade is not possible.
As of the current date, there are no confirmed reports of active exploitation, but the vulnerability's popularity makes it a potential target.
Refer to the official Elementor security advisory for detailed information and updates: [https://elementor.com/security/](https://elementor.com/security/)