Platform: wordpress
Component: wp-user-frontend-pro
Fixed in: 4.1.4
CVE-2025-3055 describes an arbitrary file deletion vulnerability discovered in the WP User Frontend Pro plugin for WordPress. The flaw allows authenticated attackers, including those with only Subscriber-level access, to delete files on the server. The most severe impact arises from the potential to delete critical configuration files such as wp-config.php, which can lead to remote code execution. The vulnerability affects versions 0.0.0 through 4.1.3, and a patch is available in version 4.1.4.
The primary impact of CVE-2025-3055 is that an authenticated attacker can delete arbitrary files on a WordPress server. While this may appear limited to file deletion, the potential for remote code execution is significant. Specifically, deleting the wp-config.php file, which contains database credentials and other sensitive configuration settings, would effectively disable the WordPress site and could allow an attacker to inject malicious code during site restoration or re-configuration. This could lead to complete compromise of the web server and any associated databases. The low barrier to exploitation, requiring only Subscriber-level access, broadens the attack surface considerably.
CVE-2025-3055 was publicly disclosed on 2025-06-05. No public proof-of-concept (PoC) code has been released at the time of writing, but the vulnerability's simplicity suggests that a PoC is likely to emerge. The EPSS score is likely to be medium, given the ease of exploitation and potential impact. It is not currently listed on the CISA KEV catalog.
Exploit Status
EPSS: 2.19% (84th percentile)
CISA SSVC
CVSS Vector
The primary mitigation for CVE-2025-3055 is to immediately upgrade the WP User Frontend Pro plugin to version 4.1.4 or later. If upgrading is not immediately feasible due to compatibility issues or breaking changes, consider restricting file access permissions on the server to minimize the impact of a successful attack. Implement a Web Application Firewall (WAF) with rules to block suspicious file deletion requests targeting the deleteavatarajax() endpoint. Regularly review WordPress user roles and permissions to ensure the principle of least privilege is enforced, limiting the number of users with elevated access. After upgrading, confirm the vulnerability is resolved by attempting a file deletion request through the plugin's interface with a low-privileged user account and verifying that the request is denied.
Update the WP User Frontend Pro plugin to version 4.1.4 or later to fix the arbitrary file deletion vulnerability. This update corrects the missing validation of file paths, preventing authenticated attackers from deleting sensitive files on the server, such as wp-config.php.
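The fix is described as proper validation of file paths. As an added illustration, not code from WP User Frontend Pro, the handler below shows what that validation looks like for a WordPress AJAX avatar-deletion endpoint: the client-supplied name is reduced to a bare file name, the resolved path must stay inside an assumed uploads/avatars directory, and the file must match the one recorded for the requesting user. The hook name, nonce action, meta key and `file` request parameter are assumptions.

```php
<?php
// Added example (not WP User Frontend Pro code): a hardened AJAX handler
// that lets a user delete only their own avatar and refuses any path that
// escapes the avatar directory. Hook, nonce, meta key and 'file' are assumed.
add_action( 'wp_ajax_example_delete_avatar', 'example_delete_avatar' );

function example_delete_avatar() {
    // CSRF protection: the request must carry a valid nonce for this action.
    check_ajax_referer( 'example_delete_avatar', 'nonce' );

    $user_id = get_current_user_id();
    if ( ! $user_id ) {
        wp_send_json_error( 'Authentication required', 401 ); // calls wp_die()
    }

    // Never trust a client-supplied path: reduce it to a bare file name first.
    $name = sanitize_file_name( basename( wp_unslash( $_POST['file'] ?? '' ) ) );
    if ( '' === $name ) {
        wp_send_json_error( 'Missing file name', 400 );
    }

    // Confine deletion to <uploads>/avatars and compare resolved real paths,
    // so "../wp-config.php" or a symlink cannot point outside the directory.
    $base = realpath( trailingslashit( wp_upload_dir()['basedir'] ) . 'avatars' );
    $real = ( false !== $base ) ? realpath( $base . DIRECTORY_SEPARATOR . $name ) : false;
    if ( false === $real
        || 0 !== strncmp( $real, $base . DIRECTORY_SEPARATOR, strlen( $base ) + 1 ) ) {
        wp_send_json_error( 'Invalid avatar path', 400 );
    }

    // Ownership, not just authentication: a Subscriber may delete only the
    // avatar recorded in their own profile (assumed meta key).
    $owned = (string) get_user_meta( $user_id, 'example_avatar_path', true );
    if ( '' === $owned || realpath( $owned ) !== $real ) {
        wp_send_json_error( 'Not your avatar', 403 );
    }

    // Only regular image files are deletable; directories and other types are refused.
    $ext = strtolower( pathinfo( $real, PATHINFO_EXTENSION ) );
    if ( ! is_file( $real ) || ! in_array( $ext, array( 'jpg', 'jpeg', 'png', 'gif' ), true ) ) {
        wp_send_json_error( 'Not an avatar file', 400 );
    }

    if ( ! unlink( $real ) ) {
        wp_send_json_error( 'Deletion failed', 500 );
    }
    delete_user_meta( $user_id, 'example_avatar_path' );
    wp_send_json_success( 'Avatar removed' );
}
```

The post-upgrade check the advisory recommends maps onto this handler: a low-privileged account requesting any file outside its own recorded avatar should receive a 400 or 403 response rather than a deletion.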
CVE-2025-3055 is a HIGH severity vulnerability allowing authenticated WordPress users to delete arbitrary files, potentially leading to remote code execution via deletion of wp-config.php. It affects versions 0.0.0–4.1.3.
You are affected if your WordPress site uses WP User Frontend Pro version 0.0.0 through 4.1.3. Check your plugin version and upgrade immediately if vulnerable.
Upgrade the WP User Frontend Pro plugin to version 4.1.4 or later to remediate the vulnerability. Consider temporary mitigations like WAF rules if immediate upgrade is not possible.
While no active exploitation has been confirmed, the vulnerability's simplicity suggests it is likely to be targeted. Monitor your systems closely.
Refer to the official WP User Frontend Pro website and WordPress plugin repository for the latest advisory and update information.