Platform
wordpress
Component
ap-plugin-scripteo
Fixed in
4.89.1
CVE-2025-46444 describes a PHP Local File Inclusion (LFI) vulnerability in the scripteo Ads Pro plugin (component ap-plugin-scripteo). An attacker who controls the path handed to a PHP include can make the server load arbitrary files the web server user can read, which primarily leads to sensitive information disclosure. Ads Pro versions from 0.0 up to and including 4.89 are affected; the metadata above lists 4.89.1 as the fixed version. Sites that cannot update yet need the mitigations described further down this page.
The primary impact is disclosure of sensitive data. An attacker can read configuration files (on WordPress, wp-config.php with its database credentials and salts), plugin and theme source code, or any other file the web server user can read, including ones holding API keys or proprietary data. What is reachable is bounded by the web server user's filesystem permissions and any open_basedir restriction, not by the plugin. Two caveats apply to PHP inclusion bugs in general and are not specific findings about Ads Pro: a PHP include executes the file it loads, so if the attacker can get PHP code into any readable file (an upload, a web or mail log, a session file) the disclosure bug becomes code execution; and the php://filter wrapper lets an attacker retrieve PHP source base64-encoded instead of having it executed. Either path turns a single vulnerable parameter into a foothold for wider compromise.
The vulnerability was published on 2025-05-23. Exploitation probability is assessed as medium: LFI bugs are simple to probe, scanners test for them automatically, and the EPSS figure below (0.55%, 68th percentile) reflects that. Public proof-of-concept (PoC) code is likely to emerge and would raise the probability. Monitor security advisories and threat-intelligence feeds for campaigns targeting this CVE, and review web server logs for traversal sequences (../ and URL-encoded forms such as %2e%2e/) and php:// wrappers in requests to the plugin's endpoints.
Exploit status
EPSS
0.55% (68th percentile)
CISA SSVC
CVSS vector
If you cannot yet move to 4.89.1, mitigation focuses on restricting what the web server can read and on validating the value that ends up in the include. Prefer an allowlist of known file names over stripping ../ from input (attackers bypass naive stripping with sequences such as ....// and URL encoding), canonicalise the candidate path with realpath() and reject anything that resolves outside the intended directory, and reject stream wrappers such as php:// and data://. At the PHP level, an open_basedir restriction scoped to the WordPress root limits what any inclusion can reach. A Web Application Firewall can block requests to the plugin's endpoints that contain traversal sequences or wrappers, but treat it as a stopgap rather than a fix. After applying these controls, verify them on a staging copy by sending the same traversal and wrapper payloads an attacker would use and confirming the response contains no file content, while the endpoint still works with its legitimate inputs.
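The pattern below is an added example, not Ads Pro code and not taken from this page: it shows the classic vulnerable include shape beside a hardened version, followed by the verification step from the paragraph above, run with the probe strings a scanner would send. The parameter name `template`, the `templates/` directory and the allowlist entries are hypothetical; the page does not document the plugin's actual vulnerable parameter or file layout.

```php
<?php
// Added example (not Ads Pro code). Hypothetical setup: the plugin turns a
// request value (say $_GET['template']) into templates/<name>.php and
// include()s it. The real parameter and layout are not documented on this page.
declare(strict_types=1);

const TEMPLATE_DIR = __DIR__ . '/templates';

// BEFORE: the vulnerable shape. Any value is accepted, so
// ../../../../wp-config, /etc/passwd or php://filter/... are all included.
function render_template_vulnerable(string $name): void
{
    include TEMPLATE_DIR . '/' . $name . '.php';
}

// AFTER: accept only known names, then confirm the canonical path is still
// inside TEMPLATE_DIR. Do NOT "fix" this by stripping ../ from the input;
// ....// and URL encoding defeat that, and php:// contains no ../ at all.
function resolve_template(string $name): ?string
{
    static $allowed = ['banner', 'sidebar', 'popup']; // hypothetical allowlist
    if (!in_array($name, $allowed, true)) {
        return null;
    }
    // Defence in depth: realpath() resolves ../ and symlinks, returns false for
    // missing files, and never yields a stream wrapper such as php://.
    $base = realpath(TEMPLATE_DIR);
    $path = realpath(TEMPLATE_DIR . '/' . $name . '.php');
    if ($base === false || $path === false) {
        return null;
    }
    if (strncmp($path, $base . DIRECTORY_SEPARATOR, strlen($base) + 1) !== 0) {
        return null;
    }
    return $path;
}

function render_template(string $name): void
{
    $path = resolve_template($name);
    if ($path === null) {
        http_response_code(400);
        exit('invalid template');
    }
    include $path;
}

// Verification: feed the hardened resolver the payloads an attacker or scanner
// would send and confirm every one is refused. Probes are constructed here.
function self_check(): array
{
    $probes = [
        '../../../../wp-config',
        '....//....//etc/passwd',                 // bypass for naive ../ stripping
        '/etc/passwd',
        'php://filter/convert.base64-encode/resource=../../wp-config',
        "banner\0",                               // null-byte truncation attempt
        'banner/../../wp-config',
    ];
    $results = [];
    foreach ($probes as $p) {
        $results[$p] = resolve_template($p) === null ? 'blocked' : 'ALLOWED';
    }
    return $results;
}

if (PHP_SAPI === 'cli') {
    foreach (self_check() as $probe => $verdict) {
        printf("%-64s %s\n", addcslashes($probe, "\0"), $verdict);
    }
}
```

Run it with `php` on the command line; every probe should print `blocked`. The same probe list, URL-encoded and sent to the plugin's endpoint on a staging site, is the black-box check for a WAF rule: a 403 or an error page with no file content means the rule fires, and a request with a legitimate template name must still succeed.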
If updating to 4.89.1 is not possible in your environment, review the details above and apply mitigations according to your organisation's risk tolerance. Deactivating or uninstalling the plugin until you can update removes the exposure entirely.
CVE-2025-46444 is a Local File Inclusion vulnerability in Ads Pro that lets an attacker make the server include arbitrary files, potentially exposing sensitive data. It affects versions 0.0 through 4.89 and carries a CVSS score of 8.1 (HIGH).
You are affected if you run Ads Pro 0.0 through 4.89. Check the installed version; anything below 4.89.1 needs updating or, until then, the mitigations above.
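One way to do that version check, as an added example that is neither vendor nor WordPress project code: a PHP command-line script that reads the plugin's main file header and compares it with the fixed version listed on this page. It assumes the plugin is installed under `wp-content/plugins/ap-plugin-scripteo` (a path built from the component name above, not confirmed by the page) and that its main file carries the standard WordPress `Plugin Name:` / `Version:` header.

```php
<?php
// Added example (not vendor code). Assumptions: plugin directory name below is
// derived from the component name on this page; the main file uses the
// standard WordPress plugin header. 4.89.1 is the fixed version listed above.
declare(strict_types=1);

const FIXED_VERSION = '4.89.1';
const PLUGIN_DIR    = 'ap-plugin-scripteo'; // assumed slug

// Return the Version: value from a WordPress plugin header, or null when the
// file carries no "Plugin Name:" header (i.e. it is not the main plugin file).
function plugin_header_version(string $file): ?string
{
    // WordPress itself only inspects the first 8 KiB of the main file.
    $head = @file_get_contents($file, false, null, 0, 8192);
    if ($head === false || !preg_match('/^[ \t\/*#@]*Plugin Name:/mi', $head)) {
        return null;
    }
    if (!preg_match('/^[ \t\/*#@]*Version:\s*(\S+)/mi', $head, $m)) {
        return null;
    }
    return trim($m[1], " \t\r\n*");
}

// Find the plugin's main file under the WordPress root and classify it.
function audit_ads_pro(string $wp_root): array
{
    $dir = rtrim($wp_root, '/') . '/wp-content/plugins/' . PLUGIN_DIR;
    if (!is_dir($dir)) {
        return ['installed' => false];
    }
    foreach (glob($dir . '/*.php') ?: [] as $file) {
        $v = plugin_header_version($file);
        if ($v !== null) {
            return [
                'installed'  => true,
                'file'       => $file,
                'version'    => $v,
                // version_compare handles 4.89 < 4.89.1 correctly.
                'vulnerable' => version_compare($v, FIXED_VERSION, '<'),
            ];
        }
    }
    return ['installed' => true, 'file' => null, 'version' => null, 'vulnerable' => null];
}

if (PHP_SAPI === 'cli') {
    $r = audit_ads_pro($argv[1] ?? getcwd());
    if (!$r['installed']) {
        echo PLUGIN_DIR . " is not installed\n";
    } elseif ($r['version'] === null) {
        echo "plugin directory present but no plugin header found; inspect it manually\n";
    } else {
        printf("%s version %s: %s\n", $r['file'], $r['version'],
            $r['vulnerable'] ? 'AFFECTED (update to ' . FIXED_VERSION . ')' : 'not affected');
    }
}
```

Invoke it as `php audit.php /var/www/html` (the WordPress root). On hosts with WP-CLI, `wp plugin list --fields=name,version` gives the same version number without a custom script; the point of the script is that it runs where WP-CLI is not installed and can be dropped into a fleet-wide check.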
Update to 4.89.1, the fixed version listed above. Where that is not yet possible, restrict file access, validate the include input against an allowlist, and use a WAF as a stopgap. Monitor the vendor for further updates.
No active campaigns have been confirmed. The bug's nature suggests a medium probability of exploitation, and public PoCs are likely to emerge.
Check the scripteo website and the channel you installed the plugin from (the WordPress plugin repository or the vendor's marketplace) for updates and advisories related to CVE-2025-46444.