Vikinger <= 1.9.32 - 认证用户 (订阅者+) 通过 vikinger_delete_activity_media_ajax 函数实现任意文件删除

该漏洞的潜在影响非常严重。攻击者可以利用此漏洞删除关键文件，例如 wp-config.php，从而获得对 WordPress 站点的完全控制权。攻击者还可以删除其他重要文件，导致网站无法正常运行或数据泄露。由于 Vikinger Media 插件需要安装并激活，攻击者需要具备 Subscriber 级别的访问权限才能利用此漏洞。如果攻击者成功删除 wp-config.php，他们可以修改数据库连接信息，从而访问敏感数据或执行恶意代码。

WordPress websites using the Vikinger theme, particularly those with the Vikinger Media plugin installed and active, are at risk. Sites with weak password policies or overly permissive user roles are especially vulnerable, as an attacker could easily gain Subscriber-level access. Shared hosting environments where multiple WordPress sites share the same server resources are also at increased risk, as a compromise of one site could potentially lead to the compromise of others.

• wordpress / composer / npm:

grep -r 'vikinger_delete_activity_media_ajax' /var/www/html/wp-content/plugins/

• wordpress / composer / npm:

wp plugin list | grep vikinger

• wordpress / composer / npm:

curl -I http://your-wordpress-site.com/wp-admin/admin-ajax.php?action=vikinger_delete_activity_media_ajax | grep -i '200 OK'

1. 2025-07-02Disclosure

   disclosure

1. 已保留2025-05-19
2. 发布日期2025-07-02
3. 修改日期2026-04-08
4. EPSS 更新日期2026-03-23

为了缓解 CVE-2025-4946 漏洞，建议用户立即升级到最新版本的 Vikinger WordPress 主题。如果无法立即升级，可以考虑以下缓解措施：限制用户权限，确保只有管理员才能访问敏感文件。实施严格的文件访问控制，防止未经授权的访问。监控服务器日志，检测可疑活动。如果 Vikinger Media 插件不是必需的，可以考虑禁用该插件。