Platform: wordpress
Component: bearsthemes-bears-backup
Fixed version: 2.0.1
CVE-2025-5396 is a critical Remote Code Execution (RCE) vulnerability in the Bears Backup WordPress plugin. The flaw allows unauthenticated attackers to execute arbitrary code on the server because of insufficient input validation in the bbackup_ajax_handle() function. It affects plugin versions 0.0.0 through 2.0.0, and upgrading to the patched release is required to address the issue.
The impact of CVE-2025-5396 is severe. Successful exploitation lets an attacker execute arbitrary code on the WordPress server with the privileges of the web server user. This can lead to complete compromise of the website, including data exfiltration, malware injection, and defacement. The ability to create new administrative user accounts further amplifies the attacker's control. Notably, this vulnerability can be chained with CVE-2025-5394 on sites running the Alone theme version 7.8.4 or older, which significantly increases the attack surface.
CVE-2025-5396 was publicly disclosed on 2025-07-17. Exploitation is considered highly likely because the endpoint performs no authentication check and the flaw is easy to exploit. Public proof-of-concept (PoC) code is likely to emerge quickly, increasing the risk of widespread exploitation. The combination with CVE-2025-5394 further elevates the risk profile, particularly for sites using the Alone theme.
WordPress websites utilizing the Bears Backup plugin, particularly those running versions 0.0.0 through 2.0.0, are at significant risk. Sites using the Alone theme version 7.8.4 or older are at even higher risk due to the potential for chaining with CVE-2025-5394. Shared hosting environments where plugin updates are not consistently managed are also particularly vulnerable.
Checks for the vulnerable plugin (wordpress / composer / npm):
• Look for the vulnerable AJAX handler in the installed plugin code:
  grep -r 'bbackup_ajax_handle' /var/www/html/wp-content/plugins/bears-backup/
• List the installed plugin and its version with WP-CLI:
  wp plugin list | grep 'bears-backup'
• Check whether the AJAX endpoint responds and which server header it returns:
  curl -I http://your-wordpress-site.com/wp-admin/admin-ajax.php?action=bbackup_ajax_handle | grep -i 'server'
Exploit status
EPSS: 0.73% (73rd percentile)
CISA SSVC:
CVSS vector:
The primary mitigation for CVE-2025-5396 is to upgrade the Bears Backup plugin to a patched version immediately. If upgrading is not immediately feasible because of compatibility issues or breaking changes, consider temporarily disabling the plugin. While not a complete solution, a Web Application Firewall (WAF) with rules that filter suspicious requests to the bbackup_ajax_handle endpoint (admin-ajax.php with action=bbackup_ajax_handle) can provide a temporary layer of defense. Monitor WordPress access logs for unusual activity and suspicious user agents targeting this endpoint. After upgrading, confirm the vulnerability is resolved by re-testing the plugin's AJAX interface in a controlled manner.
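The version check from the plugin checks above and the access-log monitoring recommended here, as an added example that is not part of the original advisory and not the plugin's own code. It assumes the plugin's main PHP file carries a standard WordPress `Version:` header and that the access log is in Apache/nginx combined format; the header text and log lines below are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qs

FIXED_VERSION = (2, 0, 1)            # first fixed release named in the advisory
VULN_ACTION = "bbackup_ajax_handle"  # vulnerable admin-ajax action

def parse_version(text):
    """Turn '2.0.1' into (2, 0, 1); missing components count as 0."""
    parts = [int(p) for p in re.findall(r"\d+", text)]
    while len(parts) < 3:
        parts.append(0)
    return tuple(parts[:3])

def is_vulnerable_version(text):
    """Affected range is 0.0.0 through 2.0.0, i.e. anything below 2.0.1."""
    return parse_version(text) < FIXED_VERSION

def plugin_version_from_header(header_text):
    """Read the 'Version:' line of a WordPress plugin header (assumed layout)."""
    m = re.search(r"^\s*\*?\s*Version:\s*([0-9][0-9.]*)", header_text, re.M)
    return m.group(1) if m else None

# Combined log format: ip ident user [time] "METHOD path proto" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})')

def find_bbackup_requests(lines):
    """Flag requests whose query string targets the vulnerable action.
    Caveat: POST bodies are not logged, so an action sent only in the body
    is invisible here; that case is what the WAF rule has to cover."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue
        url = urlsplit(m["path"])
        if not url.path.endswith("/wp-admin/admin-ajax.php"):
            continue
        action = parse_qs(url.query).get("action", [""])[0]
        if action == VULN_ACTION:
            hits.append((m["ip"], m["method"], m["status"], m["ts"]))
    return hits

SAMPLE_HEADER = "<?php\n/**\n * Plugin Name: Bears Backup\n * Version: 2.0.0\n */\n"
SAMPLE_LOG = [  # constructed lines using documentation IP ranges
    '203.0.113.7 - - [17/Jul/2025:10:01:02 +0000] "GET /wp-admin/admin-ajax.php?action=bbackup_ajax_handle HTTP/1.1" 200 512 "-" "curl/8.0"',
    '198.51.100.4 - - [17/Jul/2025:10:01:05 +0000] "POST /wp-admin/admin-ajax.php?action=bbackup_ajax_handle HTTP/1.1" 200 77 "-" "python-requests/2.31"',
    '192.0.2.9 - - [17/Jul/2025:10:02:00 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 40 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [17/Jul/2025:10:02:30 +0000] "GET /index.php HTTP/1.1" 200 4000 "-" "Mozilla/5.0"',
]
```

Run `plugin_version_from_header` on the installed plugin's main file and `find_bbackup_requests` over the real access log; any hit from an address that is not your own administrators warrants a closer look at what that client did next.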
Update the Bears Backup plugin to the latest available version, since earlier versions are vulnerable to remote code execution. Check the plugin's official sources (such as the WordPress repository or the developer's website) for the most recent version and update instructions. Consider additional security measures, such as limiting user permissions and keeping software up to date.
CVE-2025-5396 is a critical Remote Code Execution vulnerability in the Bears Backup WordPress plugin, allowing attackers to execute code on the server without authentication.
Yes, if you are using the Bears Backup plugin versions 0.0.0 through 2.0.0, you are affected by this vulnerability. Sites using the Alone theme version 7.8.4 or older are at even higher risk.
Upgrade the Bears Backup plugin to a patched version as soon as possible. If upgrading is not immediately possible, disable the plugin and consider WAF rules.
While active exploitation is not yet confirmed, the vulnerability's severity and ease of exploitation suggest a high likelihood of exploitation in the near future.
Refer to the WordPress security advisory and the Bears Backup plugin's official website for updates and announcements regarding this vulnerability.