CRITICALCVE-2025-48100CVSS 9.1

WordPress bidorbuy Store Integrator 插件 <= 2.12.0 - 远程代码执行 (RCE) 漏洞

Q: What is CVE-2025-48100 — RCE in bidorbuy Store Integrator?

CVE-2025-48100 is a critical Remote Code Execution vulnerability in the bidorbuy Store Integrator WordPress plugin, allowing attackers to execute arbitrary code through Code Injection.

Q: Am I affected by CVE-2025-48100 in bidorbuy Store Integrator?

You are affected if your WordPress site uses bidorbuy Store Integrator versions 0.0.0 through 2.12.0. Check your plugin versions immediately.

Q: How do I fix CVE-2025-48100 in bidorbuy Store Integrator?

Upgrade the bidorbuy Store Integrator plugin to version 2.12.1 or later. If immediate upgrade is not possible, temporarily disable the plugin.

Q: Is CVE-2025-48100 being actively exploited?

As of the publication date, there is no confirmed active exploitation, but the vulnerability's severity suggests exploitation is likely.

Q: Where can I find the official bidorbuy Store Integrator advisory for CVE-2025-48100?

Refer to the extremeidea website and WordPress plugin repository for the latest advisory and updates regarding CVE-2025-48100.

平台

wordpress

组件

bidorbuystoreintegrator

修复版本

2.12.1

AI Confidence: highNVDEPSS 0.1%已审阅: 2026年5月

在NVD查看

保存

正在翻译为您的语言…

CVE-2025-48100 describes a Remote Code Execution (RCE) vulnerability within the extremeidea bidorbuy Store Integrator plugin for WordPress. This flaw, stemming from improper control of code generation (Code Injection), allows attackers to achieve Remote Code Inclusion. The vulnerability impacts versions from 0.0.0 through 2.12.0, and a patch is available in version 2.12.1.

WordPress

检测此 CVE 是否影响你的项目

上传你的依赖文件，立即了解此CVE和其他CVE是否影响你。

免费扫描

影响与攻击场景翻译中…

The impact of this RCE vulnerability is severe. An attacker can exploit this flaw to execute arbitrary code on the affected WordPress server. This could lead to complete system compromise, including data theft, modification, or deletion. The attacker could also install malware, create backdoors for persistent access, or use the compromised server as a launchpad for further attacks against other systems on the network. The ability to achieve Remote Code Inclusion significantly expands the attack surface and potential damage.

利用背景翻译中…

CVE-2025-48100 has been publicly disclosed and assigned a CRITICAL CVSS score of 9.1. As of the publication date (2025-08-28), there is no indication of active exploitation campaigns. The vulnerability is not currently listed on the CISA KEV catalog. Public proof-of-concept exploits are likely to emerge given the severity and ease of exploitation associated with Remote Code Inclusion vulnerabilities.

哪些人处于风险中翻译中…

WordPress websites utilizing the bidorbuy Store Integrator plugin, particularly those running older versions (0.0.0–2.12.0), are at significant risk. Shared hosting environments are especially vulnerable as they often lack granular control over plugin updates and security configurations. Sites relying on legacy WordPress installations or those with inadequate security practices are also at increased risk.

检测步骤翻译中…

• wordpress / composer / npm:

grep -r "bidorbuy Store Integrator" /var/www/html/
wp plugin list | grep bidorbuy Store Integrator

• generic web:

curl -I https://your-wordpress-site.com/wp-content/plugins/bidorbuy-store-integrator/

• wordpress / composer / npm:

wp plugin update bidorbuy-store-integrator

攻击时间线

2025-08-28Disclosure
disclosure

威胁情报

漏洞利用状态

概念验证未知

CISA KEVNO

互联网暴露高

EPSS

0.05% (16% 百分位)

CISA SSVC

利用情况none

可自动化no

技术影响total

CVSS 向量

这些指标意味着什么？

Attack Vector: 网络 — 可通过互联网远程利用，无需物理或本地访问。攻击面最大。
Attack Complexity: 低 — 无需特殊条件，可以稳定地利用漏洞。
Privileges Required: 高 — 需要管理员或特权账户。
User Interaction: 无 — 攻击自动且无声，受害者无需任何操作。
Scope: 已改变 — 攻击可以超出脆弱组件，影响其他系统。
Confidentiality: 高 — 完全丧失机密性，攻击者可读取所有数据。
Integrity: 高 — 攻击者可写入、修改或删除任何数据。
Availability: 高 — 完全崩溃或资源耗尽，完全拒绝服务。

受影响的软件

组件bidorbuystoreintegrator

供应商extremeidea

影响范围修复版本

0 – 2.12.02.12.1

软件包信息

活跃安装数: 40
插件评分: 5.0
需要WordPress版本: 4.8+
兼容至: 5.6.17

主页

弱点分类 (CWE)

CWE-94

时间线

已保留2025-05-15
发布日期2025-08-28
修改日期2026-04-28
EPSS 更新日期2026-03-23

缓解措施和替代方案翻译中…

The primary mitigation for CVE-2025-48100 is to immediately upgrade the bidorbuy Store Integrator plugin to version 2.12.1 or later. If upgrading is not immediately feasible due to compatibility issues or breaking changes, consider temporarily disabling the plugin. Web Application Firewalls (WAFs) configured with rules to detect and block code injection attempts can provide an additional layer of defense. Monitor WordPress access logs for suspicious activity, particularly attempts to include external files. After upgrading, confirm the vulnerability is resolved by attempting a code inclusion attempt (if safe to do so in a test environment) and verifying that it is blocked.

修复方法

将 bidorbuy Store Integrator 插件更新到可用的最新版本以缓解远程代码执行漏洞。请检查 WordPress.org 上的插件页面以获取最新版本和更新说明。如果插件对您的网站不是必需的，请考虑禁用或删除该插件。

CVE 安全通讯

漏洞分析和关键警报直接发送到您的邮箱。

常见问题翻译中…

What is CVE-2025-48100 — RCE in bidorbuy Store Integrator?

CVE-2025-48100 is a critical Remote Code Execution vulnerability in the bidorbuy Store Integrator WordPress plugin, allowing attackers to execute arbitrary code through Code Injection.

Am I affected by CVE-2025-48100 in bidorbuy Store Integrator?

You are affected if your WordPress site uses bidorbuy Store Integrator versions 0.0.0 through 2.12.0. Check your plugin versions immediately.

How do I fix CVE-2025-48100 in bidorbuy Store Integrator?

Upgrade the bidorbuy Store Integrator plugin to version 2.12.1 or later. If immediate upgrade is not possible, temporarily disable the plugin.

Is CVE-2025-48100 being actively exploited?

As of the publication date, there is no confirmed active exploitation, but the vulnerability's severity suggests exploitation is likely.

Where can I find the official bidorbuy Store Integrator advisory for CVE-2025-48100?

Refer to the extremeidea website and WordPress plugin repository for the latest advisory and updates regarding CVE-2025-48100.

你的项目受影响吗?

上传你的依赖文件，立即了解此CVE和其他CVE是否影响你。

免费扫描搜索 CVE