Platform
wordpress
Component
hiweb-export-posts
Fixed in
0.9.1
CVE-2025-7640 is an Arbitrary File Access vulnerability discovered in the hiWeb Export Posts plugin for WordPress. This vulnerability allows unauthenticated attackers to delete arbitrary files on the server, potentially leading to remote code execution. The vulnerability affects versions 0.0.0 through 0.9.0.0. A fix is expected in a future plugin release.
The primary impact of CVE-2025-7640 is the ability for an attacker to delete files on a WordPress server. This is achieved through a Cross-Site Request Forgery (CSRF) attack exploiting insufficient nonce validation in the tool-dashboard-history.php file. If an attacker can trick a site administrator into clicking a malicious link, they can initiate a forged request to delete files. The most critical scenario involves deleting the wp-config.php file, which contains sensitive database credentials and configuration settings. Deletion of this file would effectively grant the attacker complete control over the WordPress installation, enabling remote code execution and data exfiltration. The ease of exploitation, combined with the potential for complete system compromise, makes this a significant threat.
CVE-2025-7640 was publicly disclosed on 2025-07-24. No public proof-of-concept (PoC) code has been released at the time of writing, but the vulnerability's nature and the ease of CSRF exploitation suggest a high probability of PoC development and potential exploitation. It is not currently listed on the CISA KEV catalog. Given the widespread use of WordPress and the potential for RCE, this vulnerability warrants immediate attention.
Exploit Status
EPSS
0.49% (65th percentile)
CISA SSVC
CVSS Vector
The immediate mitigation for CVE-2025-7640 is to upgrade the hiWeb Export Posts plugin to a patched version as soon as it becomes available. Until a patch is released, consider disabling the plugin entirely to prevent exploitation. Implement strict CSRF protection measures on your WordPress site, including ensuring all forms and sensitive actions utilize strong, unpredictable nonces. Web Application Firewalls (WAFs) can be configured to detect and block malicious requests targeting the tool-dashboard-history.php file. Monitor WordPress logs for suspicious activity, particularly requests originating from unfamiliar IP addresses or user agents. Regularly back up your wp-config.php file to facilitate restoration in case of accidental or malicious deletion.
Update the hiWeb Export Posts plugin to the latest available version to mitigate the Cross-Site Request Forgery vulnerability. Check for updates in the WordPress plugin repository or on the developer's website. Implement additional security measures, such as input validation and limiting user privileges, to reduce the risk of exploitation.
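The monitoring advice above can be turned into a simple detector. The following is an added example, not part of this advisory or of the plugin: it scans web-server access logs in Apache combined format for requests to tool-dashboard-history.php whose Referer is absent or points at a host other than the site itself, which is the signature a forged cross-site request leaves. It assumes the plugin file is served from /wp-content/plugins/hiweb-export-posts/tool-dashboard-history.php, and the log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit

# File named in the advisory; the full path under wp-content/plugins is an assumption.
TARGET_FILE = "tool-dashboard-history.php"

# Constructed sample lines in Apache "combined" format (not from any real server).
SAMPLE_LOG = """\
203.0.113.10 - - [24/Jul/2025:10:00:01 +0000] "GET /wp-admin/index.php HTTP/1.1" 200 512 "https://blog.example/wp-admin/" "Mozilla/5.0"
203.0.113.10 - - [24/Jul/2025:10:00:05 +0000] "GET /wp-content/plugins/hiweb-export-posts/tool-dashboard-history.php HTTP/1.1" 200 77 "https://blog.example/wp-admin/" "Mozilla/5.0"
203.0.113.10 - - [24/Jul/2025:10:02:11 +0000] "GET /wp-content/plugins/hiweb-export-posts/tool-dashboard-history.php HTTP/1.1" 200 77 "https://evil.example/lure.html" "Mozilla/5.0"
203.0.113.10 - - [24/Jul/2025:10:03:40 +0000] "POST /wp-content/plugins/hiweb-export-posts/tool-dashboard-history.php HTTP/1.1" 200 77 "-" "Mozilla/5.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" '
    r'(?P<status>\d{3}) \S+ "(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)


def referer_host(referer):
    """Hostname from the Referer field, or None when the field is empty or '-'."""
    if referer in ("", "-"):
        return None
    return (urlsplit(referer).hostname or "").lower() or None


def classify(line, site_host):
    """Return None for lines that do not touch the plugin file, otherwise
    'same-origin', 'no-referer' or 'cross-site'."""
    m = LOG_RE.match(line)
    if not m or not m["path"].split("?")[0].endswith("/" + TARGET_FILE):
        return None
    host = referer_host(m["referer"])
    if host == site_host.lower():
        return "same-origin"
    if host is None:
        return "no-referer"
    return "cross-site"


def flag_suspicious(log_text, site_host):
    """List (timestamp, ip, method, referer, verdict) for requests to the plugin
    file that did not clearly originate from the site's own pages."""
    findings = []
    for line in log_text.splitlines():
        verdict = classify(line, site_host)
        if verdict in ("no-referer", "cross-site"):
            m = LOG_RE.match(line)
            findings.append((m["ts"], m["ip"], m["method"], m["referer"], verdict))
    return findings
```

A missing Referer can also be caused by browser privacy settings, so treat "no-referer" hits as lower confidence than "cross-site" ones; the source IP is the administrator's own browser in a CSRF, which is why the Referer, not the address, is the useful signal here.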
CVE-2025-7640 is a Cross-Site Request Forgery (CSRF) vulnerability in the hiWeb Export Posts WordPress plugin allowing attackers to delete files, potentially leading to remote code execution.
You are affected if your WordPress site uses the hiWeb Export Posts plugin in versions 0.0.0–0.9.0.0.
Upgrade the hiWeb Export Posts plugin to a patched version as soon as it is available. Disable the plugin as a temporary workaround.
While no public exploits are currently known, the vulnerability's nature suggests a high probability of exploitation.
Check the hiWeb Export Posts plugin's official website or WordPress plugin repository for updates and advisories.