Platform
wordpress
Component
digiwidgets-image-editor
Fixed in
1.10.1
CVE-2025-30580 describes a Remote Code Execution (RCE) vulnerability within the DigiWidgets Image Editor, allowing for Remote Code Inclusion. This flaw permits attackers to execute arbitrary code on affected systems, potentially leading to complete system takeover. The vulnerability impacts versions from 0.0.0 up to and including 1.10. A patch is available in version 1.10.1.
The impact of this RCE vulnerability is severe. An attacker can leverage Remote Code Inclusion to execute malicious code directly on the server hosting the DigiWidgets Image Editor. This could involve deploying malware, stealing sensitive data, modifying website content, or establishing a persistent backdoor for future access. The blast radius extends to the entire server and potentially any connected systems if the attacker gains further access. Successful exploitation could be akin to a complete system compromise, allowing for data exfiltration and further malicious activities.
CVE-2025-30580 was publicly disclosed on 2025-04-01. Currently, there is no indication of active exploitation campaigns. The vulnerability is not listed on the CISA KEV catalog. Public proof-of-concept (PoC) code may emerge, increasing the risk of exploitation.
WordPress websites utilizing the DigiWidgets Image Editor plugin are at risk. Specifically, sites running older versions (0.0.0 - 1.10) are vulnerable. Shared hosting environments where users have limited control over plugin installations are particularly susceptible.
• wordpress / composer / npm:
grep -r 'kellydiek DigiWidgets Image Editor' /var/www/html/
wp plugin list | grep digiwidgets-image-editor
• generic web:
curl -I https://your-website.com/wp-content/plugins/digiwidgets-image-editor/ | grep -i 'digiwidgets-image-editor'
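An added example (not from the advisory or the plugin's authors) that turns the presence checks above into a version test: it reads the `Version:` header from the plugin directory and compares it with the fixed release 1.10.1 using version ordering, so 1.9 and 1.10 both count as vulnerable. The function names, the header-scanning approach and the sample tree built by `demo` are assumptions made for the example.

```bash
#!/usr/bin/env bash
# Added example: classify a DigiWidgets Image Editor install as vulnerable or patched.
FIXED_VERSION="1.10.1"                 # fixed release named in the advisory
PLUGIN_SLUG="digiwidgets-image-editor" # plugin directory name from the advisory

# Print the first "Version:" header value found in the plugin's top-level PHP files.
plugin_version() {
    grep -hE '^[[:space:]*#/]*[Vv]ersion:[[:space:]]*[0-9]' "$1"/*.php 2>/dev/null \
        | head -n 1 \
        | sed -E 's/^.*[Vv]ersion:[[:space:]]*([0-9][0-9A-Za-z.-]*).*$/\1/'
}

# Succeed if $1 sorts strictly before $2 in version order (1.9 < 1.10 < 1.10.1).
version_lt() {
    [ "$1" != "$2" ] && [ "$(printf '%s\n%s\n' "$1" "$2" | sort -V | head -n 1)" = "$1" ]
}

# Echo one of: not-installed, unknown, "vulnerable <ver>", "patched <ver>".
check_site() {
    local dir ver
    dir="$1/wp-content/plugins/$PLUGIN_SLUG"
    [ -d "$dir" ] || { echo "not-installed"; return 0; }
    ver="$(plugin_version "$dir")"
    [ -n "$ver" ] || { echo "unknown"; return 0; }
    if version_lt "$ver" "$FIXED_VERSION"; then
        echo "vulnerable $ver"
    else
        echo "patched $ver"
    fi
}

# Constructed sample: a throwaway WordPress tree holding a 1.10 plugin header.
demo() {
    local root dir
    root="$(mktemp -d)"
    dir="$root/wp-content/plugins/$PLUGIN_SLUG"
    mkdir -p "$dir"
    printf '<?php\n/*\n * Plugin Name: DigiWidgets Image Editor\n * Version: 1.10\n */\n' > "$dir/plugin.php"
    check_site "$root"
    rm -rf "$root"
}

# With a WordPress root as argument, check it; otherwise run the constructed demo.
if [ -n "${1:-}" ]; then check_site "$1"; else demo; fi
```

An "unknown" result means the directory exists but no header was readable, which should be treated as vulnerable until the version is confirmed by hand.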
Exploit status
EPSS
0.38% (59th percentile)
CISA SSVC
CVSS vector
The primary mitigation for CVE-2025-30580 is to immediately upgrade DigiWidgets Image Editor to version 1.10.1 or later. If upgrading is not immediately feasible, consider implementing temporary workarounds such as restricting file upload permissions within the WordPress environment to prevent the upload of malicious code. Review and harden WordPress security configurations, including disabling unnecessary plugins and themes. Monitor server logs for suspicious activity related to file uploads or code execution.
Update the DigiWidgets Image Editor plugin to the latest available version to mitigate the remote code execution vulnerability. Check the plugin page on WordPress.org for the most recent version and update instructions. Consider disabling or removing the plugin if it is not essential.
CVE-2025-30580 is a critical Remote Code Execution vulnerability in DigiWidgets Image Editor, allowing attackers to execute arbitrary code via Remote Code Inclusion. It affects versions 0.0.0 through 1.10.
Yes, if your WordPress site uses DigiWidgets Image Editor version 0.0.0 to 1.10, you are affected by this vulnerability. Check your plugin versions immediately.
Upgrade DigiWidgets Image Editor to version 1.10.1 or later to resolve this vulnerability. If immediate upgrade is not possible, implement temporary workarounds like restricting file uploads.
Currently, there is no confirmed evidence of active exploitation, but the vulnerability's severity warrants immediate attention and remediation.
Refer to the DigiWidgets Image Editor website or WordPress plugin repository for the official advisory and update information.