Plateforme
wordpress
Composant
bidorbuystoreintegrator
Corrigé dans
2.12.1
CVE-2025-48100 describes a Remote Code Execution (RCE) vulnerability within the extremeidea bidorbuy Store Integrator plugin for WordPress. This flaw, stemming from improper control of code generation (Code Injection), allows attackers to achieve Remote Code Inclusion. The vulnerability impacts versions from 0.0.0 through 2.12.0, and a patch is available in version 2.12.1.
The impact of this RCE vulnerability is severe. An attacker can exploit this flaw to execute arbitrary code on the affected WordPress server. This could lead to complete system compromise, including data theft, modification, or deletion. The attacker could also install malware, create backdoors for persistent access, or use the compromised server as a launchpad for further attacks against other systems on the network. The ability to achieve Remote Code Inclusion significantly expands the attack surface and potential damage.
CVE-2025-48100 has been publicly disclosed and assigned a CRITICAL CVSS score of 9.1. As of the publication date (2025-08-28), there is no indication of active exploitation campaigns. The vulnerability is not currently listed on the CISA KEV catalog. Public proof-of-concept exploits are likely to emerge given the severity and ease of exploitation associated with Remote Code Inclusion vulnerabilities.
WordPress websites utilizing the bidorbuy Store Integrator plugin, particularly those running older versions (0.0.0–2.12.0), are at significant risk. Shared hosting environments are especially vulnerable as they often lack granular control over plugin updates and security configurations. Sites relying on legacy WordPress installations or those with inadequate security practices are also at increased risk.
• wordpress / composer / npm:
grep -r "bidorbuy Store Integrator" /var/www/html/
wp plugin list | grep bidorbuy Store Integrator• generic web:
curl -I https://your-wordpress-site.com/wp-content/plugins/bidorbuy-store-integrator/• wordpress / composer / npm:
wp plugin update bidorbuy-store-integratordisclosure
Statut de l'Exploit
EPSS
0.05% (percentile 16%)
CISA SSVC
Vecteur CVSS
The primary mitigation for CVE-2025-48100 is to immediately upgrade the bidorbuy Store Integrator plugin to version 2.12.1 or later. If upgrading is not immediately feasible due to compatibility issues or breaking changes, consider temporarily disabling the plugin. Web Application Firewalls (WAFs) configured with rules to detect and block code injection attempts can provide an additional layer of defense. Monitor WordPress access logs for suspicious activity, particularly attempts to include external files. After upgrading, confirm the vulnerability is resolved by attempting a code inclusion attempt (if safe to do so in a test environment) and verifying that it is blocked.
Actualice el plugin bidorbuy Store Integrator a la última versión disponible para mitigar la vulnerabilidad de ejecución remota de código. Verifique la página del plugin en WordPress.org para obtener la versión más reciente y las instrucciones de actualización. Considere deshabilitar o eliminar el plugin si no es esencial para su sitio web.
Analyses de vulnérabilités et alertes critiques directement dans votre boîte mail.
CVE-2025-48100 is a critical Remote Code Execution vulnerability in the bidorbuy Store Integrator WordPress plugin, allowing attackers to execute arbitrary code through Code Injection.
You are affected if your WordPress site uses bidorbuy Store Integrator versions 0.0.0 through 2.12.0. Check your plugin versions immediately.
Upgrade the bidorbuy Store Integrator plugin to version 2.12.1 or later. If immediate upgrade is not possible, temporarily disable the plugin.
As of the publication date, there is no confirmed active exploitation, but the vulnerability's severity suggests exploitation is likely.
Refer to the extremeidea website and WordPress plugin repository for the latest advisory and updates regarding CVE-2025-48100.
Téléverse ton fichier de dépendances et découvre instantanément si cette CVE et d'autres te touchent.
Téléverse ton fichier de dépendances et découvre instantanément si cette CVE et d'autres te touchent.