Platform
wordpress
Component
ar-for-wordpress
Fixed in
8.34.1
CVE-2025-60156 describes a Cross-Site Request Forgery (CSRF) vulnerability in AR For WordPress. Because a state-changing upload request is accepted without a valid anti-CSRF token, an attacker who lures a logged-in user to a crafted page can make that user's browser submit a file of the attacker's choosing to the web server, including a PHP web shell, potentially granting the attacker complete control of the site. Versions 0.0.0 through 8.34 are affected; the fix ships in version 8.34.1.
The impact of this CSRF vulnerability is severe. A successfully planted web shell gives the attacker remote code execution as the web server user on the affected WordPress host, which on a typical single-tenant install means full control of the site and its database: data theft, modification or deletion, persistent backdoors, and use of the compromised server as a launchpad for attacks on other systems in the network. Because the request is delivered through a victim's browser, the attacker needs no credentials of their own; the victim only has to be logged in to the target site. The combination of a low-interaction trigger and arbitrary code upload makes this a high-priority vulnerability requiring immediate attention.
This vulnerability was publicly disclosed on 2025-09-26. No active exploitation campaigns have been publicly confirmed and the CVE is not currently listed in CISA's KEV catalog, but a CSRF that ends in a web shell needs only one logged-in user to visit an attacker-controlled page, so it should be treated as a likely target.
Exploit Status
EPSS
0.02% (5th percentile)
The primary mitigation for CVE-2025-60156 is to upgrade AR For WordPress to version 8.34.1 or later immediately. If upgrading is not immediately feasible, deactivate the plugin, or at minimum limit which logged-in users can reach its upload functionality, since the attack needs an authenticated victim. Note that input validation, output encoding and a Content Security Policy do not stop CSRF: the forged request is an ordinary cookie-bearing browser request, and only a per-request token (in WordPress, a nonce) or SameSite cookie attributes defeat it. Two compensating controls that do shrink the blast radius of a successful upload are denying PHP execution at the web server for the directory the plugin writes to (commonly under wp-content/uploads) and monitoring access logs for POST requests followed by requests to newly created .php files in that directory. After upgrading, confirm the fix by replaying the plugin's upload request without its nonce and verifying that the request is rejected.
Update the AR For WordPress plugin to 8.34.1 or the latest available version through the WordPress dashboard, the WordPress.org plugin repository or the developer's website. Plugin developers fixing this class of bug should verify a nonce (check_admin_referer() or check_ajax_referer()) and a capability (current_user_can()) on every state-changing handler, and restrict accepted upload types to the formats the feature actually needs.
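The hardening described above, shown as an added example rather than code from AR For WordPress (the plugin's actual handler is not reproduced on this page): a generic WordPress admin-ajax upload handler in its vulnerable shape beside the hardened one. The hook name ar_example_upload, the nonce action ar_example_upload_nonce, the field name model and the accepted 3D-model formats are hypothetical placeholders chosen for illustration.

```php
<?php
// Added illustration of a WordPress upload handler with and without CSRF protection.
// NOT code from AR For WordPress; all hook, nonce, field and format names are hypothetical.

// --- Vulnerable shape: no nonce, no capability check, no file-type allowlist. ---
// Any logged-in user whose browser is steered to an attacker's page can be made to
// submit this request, and the handler writes whatever file was attached, under the
// attacker-chosen name (e.g. shell.php), into a web-reachable directory.
function ar_example_upload_vulnerable() {
    if ( empty( $_FILES['model'] ) ) {
        wp_send_json_error( 'no file' );
    }
    $target = wp_upload_dir()['basedir'] . '/' . $_FILES['model']['name'];
    move_uploaded_file( $_FILES['model']['tmp_name'], $target );
    wp_send_json_success( $target );
}

// --- Hardened shape: nonce, capability check, and an extension/MIME allowlist. ---
function ar_example_upload_hardened() {
    // 1. CSRF: the request must carry a nonce tied to this action and the current user.
    //    check_ajax_referer() terminates the request when the nonce is missing or invalid,
    //    which is exactly the case for a request forged from a third-party page.
    check_ajax_referer( 'ar_example_upload_nonce', 'nonce' );

    // 2. Authorization: a nonce proves intent, not privilege. Require the capability too.
    if ( ! current_user_can( 'upload_files' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    if ( empty( $_FILES['model'] ) ) {
        wp_send_json_error( 'no file', 400 );
    }

    // 3. Content: accept only the formats this feature needs. wp_handle_upload() checks the
    //    extension/MIME pair against this list and refuses anything else, including .php.
    $overrides = array(
        'test_form' => false,
        'mimes'     => array(
            'glb'  => 'model/gltf-binary', // hypothetical accepted formats
            'gltf' => 'model/gltf+json',
        ),
    );
    require_once ABSPATH . 'wp-admin/includes/file.php';
    $result = wp_handle_upload( $_FILES['model'], $overrides );

    if ( isset( $result['error'] ) ) {
        wp_send_json_error( $result['error'], 400 );
    }
    wp_send_json_success( $result['url'] );
}
add_action( 'wp_ajax_ar_example_upload', 'ar_example_upload_hardened' );

// The page that submits the upload must emit the matching nonce so legitimate
// requests pass the check in step 1:
//   wp_nonce_field( 'ar_example_upload_nonce', 'nonce' );   // inside an HTML form
//   wp_create_nonce( 'ar_example_upload_nonce' );           // for a JS fetch/XHR body
```

The nonce check alone is what closes the CSRF; the capability check and the MIME allowlist are there because a nonce only proves the request originated from a page WordPress rendered for that user, not that the user is allowed to upload or that the file is safe to store. Each layer fails independently, which is what you want from a fix for an upload-to-RCE chain, and replaying the request without the nonce field is also the simplest post-upgrade verification.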
CVE-2025-60156 is a critical Cross-Site Request Forgery (CSRF) vulnerability in AR For WordPress that lets an attacker use a logged-in user's browser to upload a web shell, potentially leading to full server compromise.
If you are running any version of AR For WordPress up to and including 8.34, you are affected by this vulnerability. Upgrade immediately.
Upgrade AR For WordPress to version 8.34.1 or later to resolve this vulnerability. If an immediate upgrade isn't possible, deactivate the plugin or restrict which users can reach its upload functionality; a Content Security Policy does not mitigate CSRF.
While no active exploitation campaigns have been publicly confirmed, the vulnerability's severity and ease of exploitation make it a likely target.
Refer to the official AR For WordPress website or plugin repository for the latest security advisory and update information.