CVE-2025-12359: Unveiling the SSRF Vulnerability in Responsive Lightbox & Gallery Plugin

Overview

CVE-2025-12359 is a Server-Side Request Forgery (SSRF) vulnerability in the Responsive Lightbox & Gallery plugin for WordPress, affecting all versions up to and including 2.5.3. The plugin's ‘get_image_size_by_url’ function fetches a user-supplied URL in order to determine an image's dimensions, and it does so without sufficiently validating that URL. An authenticated attacker with Author-level access or higher can therefore make the WordPress server issue requests to arbitrary internal or external locations, which can lead to limited information disclosure and to modification of internal resources reachable from the server.

Technical Details

The vulnerability resides in how the ‘get_image_size_by_url’ function (used by the plugin when processing image URLs for gallery items) handles user-supplied URLs. The plugin fails to adequately validate and sanitize these URLs before making HTTP requests to them. Specifically, the following files are implicated:

  • includes/class-fast-image.php (get_image_size_by_url function): The core function responsible for fetching image dimensions.
  • includes/class-frontend.php
  • includes/class-galleries.php
  • includes/functions.php

An attacker can supply a gallery image URL that points at a resource the server can reach but the attacker cannot, such as a service bound to the loopback interface or an internal-only host, or at an external host the attacker controls. When the plugin tries to read the image dimensions, the request is made from the WordPress server's network position. Two caveats matter when judging the impact. First, a URL such as http://localhost/wp-config.php is handled by the web server, which executes the PHP file rather than returning its source, so file contents are not disclosed that way. Second, the function exists to read image header bytes, so what flows back to the attacker is typically limited to whether and how the target responds (errors, timing, a parsed dimension) rather than the full response body; this matches the low confidentiality and integrity ratings below. Any side effect a GET request has on the target occurs regardless of what is returned, which is why internal services that act on simple requests are the realistic concern.
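
The pattern described above, as an added example (not code from the plugin or its author): a fetcher that passes a gallery item's URL straight to the I/O layer, beside a URL check that allows only http(s), resolves the hostname and rejects loopback, private, link-local and other reserved destinations, and a fetch that refuses redirects so a 302 cannot bypass the check. Function names and the sample URLs are illustrative and constructed; the code assumes PHP 8.0 or later with ext-curl. Plugin code running inside WordPress can get a comparable check from core's wp_http_validate_url() and wp_safe_remote_get() instead of rolling its own.

```php
<?php
// Added example, not code from the Responsive Lightbox & Gallery plugin:
// an unsafe fetch of a user-supplied image URL next to a hardened check.
// Function names are illustrative. Requires PHP 8.0+ and ext-curl.

declare(strict_types=1);

// VULNERABLE PATTERN: the URL stored with a gallery item goes straight to
// the I/O layer. Any scheme and any destination is accepted, e.g.
// http://127.0.0.1:8080/, http://169.254.169.254/, or file:///etc/passwd.
function fetch_image_header_unsafe(string $url): string|false
{
    return @file_get_contents($url, false, null, 0, 32);
}

// Hardened check. $resolver lets the demo below inject fake DNS answers so
// the example runs offline; the default resolves with real DNS (IPv4 only).
function is_safe_image_url(string $url, ?callable $resolver = null): bool
{
    $resolver ??= static fn(string $host): array => gethostbynamel($host) ?: [];

    $parts = parse_url($url);
    if ($parts === false || empty($parts['scheme']) || empty($parts['host'])) {
        return false;
    }
    // Only http(s): rules out file://, php://, gopher:// and friends.
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return false;
    }
    // Credentials in the URL are a classic way to confuse host parsing.
    if (isset($parts['user']) || isset($parts['pass'])) {
        return false;
    }
    $host = strtolower(trim($parts['host'], '[]')); // strip IPv6 brackets

    // A literal IP is checked as-is; a hostname is resolved and every
    // returned address must pass, so a public name that resolves to a
    // private address is rejected too.
    $addresses = filter_var($host, FILTER_VALIDATE_IP) !== false ? [$host] : $resolver($host);
    if ($addresses === []) {
        return false;
    }
    foreach ($addresses as $ip) {
        // NO_PRIV_RANGE: 10/8, 172.16/12, 192.168/16, fc00::/7.
        // NO_RES_RANGE: 0/8, 127/8, 169.254/16 (cloud metadata), 240/4,
        //               ::1, ::/128, ::ffff:0:0/96, fe80::/10.
        $flags = FILTER_FLAG_NO_PRIV_RANGE | FILTER_FLAG_NO_RES_RANGE;
        if (filter_var($ip, FILTER_VALIDATE_IP, $flags) === false) {
            return false;
        }
    }
    return true;
}

// Hardened fetch: validate, then refuse redirects and non-http(s) protocols,
// because a 302 from an allowed host to http://127.0.0.1/ would otherwise
// sidestep the check above. Only the first bytes are needed for dimensions.
function fetch_image_header_safe(string $url): string|false
{
    if (!is_safe_image_url($url)) {
        return false;
    }
    $ch = curl_init($url);
    curl_setopt_array($ch, [
        CURLOPT_RETURNTRANSFER => true,
        CURLOPT_FOLLOWLOCATION => false,
        CURLOPT_PROTOCOLS      => CURLPROTO_HTTP | CURLPROTO_HTTPS,
        CURLOPT_RANGE          => '0-31',
        CURLOPT_CONNECTTIMEOUT => 3,
        CURLOPT_TIMEOUT        => 5,
    ]);
    $body = curl_exec($ch);
    curl_close($ch);
    return $body;
}

// Demo on constructed URLs. The fake resolver stands in for DNS.
$fakeDns = static fn(string $host): array => match ($host) {
    'cdn.example.org'      => ['203.0.113.10'],   // public address: allowed
    'internal.example.org' => ['10.0.0.5'],       // public name, private address: blocked
    default                => [],                 // unresolvable: blocked
};
$cases = [
    'https://cdn.example.org/photo.jpg'        => true,
    'http://internal.example.org/photo.jpg'    => false,
    'http://127.0.0.1/wp-config.php'           => false,
    'http://169.254.169.254/latest/meta-data/' => false,
    'http://[::1]/photo.jpg'                   => false,
    'file:///etc/passwd'                       => false,
    'http://user@cdn.example.org/photo.jpg'    => false,
];
foreach ($cases as $url => $expected) {
    $allowed = is_safe_image_url($url, $fakeDns);
    printf("%-45s %s\n", $url, $allowed ? 'allowed' : 'blocked');
    assert($allowed === $expected);
}
```

Two limits are worth knowing. The check resolves the name once and cURL resolves it again at connect time, so a DNS answer that changes between the two (rebinding) can still slip through unless the fetch is pinned to the validated address, which cURL's CURLOPT_RESOLVE option can do. And PHP's reserved-range flag does not cover every non-public block (100.64.0.0/10 shared address space, for instance), so environments that use such ranges internally need a deny-list of their own on top.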

CVSS Analysis

CVE-2025-12359 carries a CVSS v3.1 base score of 5.4, which is MEDIUM severity. The vector consistent with that score and with the details above is AV:N/AC:L/PR:L/UI:N/S:U/C:L/I:L/A:N, which breaks down as follows:

  • Attack Vector (AV:N): Network – The vulnerability can be exploited over the network.
  • Attack Complexity (AC:L): Low – No conditions outside the attacker's control (a race, an unusual configuration) need to hold for exploitation to succeed.
  • Privileges Required (PR:L): Low – The attacker needs an authenticated account with basic privileges; here, the Author role or higher.
  • User Interaction (UI:N): None – No user interaction is required to exploit the vulnerability.
  • Scope (S:U): Unchanged – An exploited vulnerability can only affect resources managed by the same security authority.
  • Confidentiality Impact (C:L): Low – There is limited disclosure of information.
  • Integrity Impact (I:L): Low – Possible modification of data.
  • Availability Impact (A:N): None – There is no impact to availability.

Possible Impact

Successful exploitation of this SSRF vulnerability can have several negative consequences:

  • Information Disclosure: The attacker learns whether and how internal hosts and services that are not exposed to the internet respond, which is enough to map the internal network and probe for exposed endpoints. Requesting wp-config.php over HTTP executes the file rather than returning its source, so database credentials are not disclosed by that route.
  • Internal Service Interaction: The attacker can use the WordPress server as a proxy to reach internal services, potentially leading to unauthorized access or modification of data within the internal network, particularly on services that act on simple GET requests.
  • Denial-of-Service (DoS): By triggering many requests to internal or external targets, an attacker could exhaust resources on the WordPress server or the target service. The CVSS vector rates availability impact as None, so treat this as a secondary risk.

Mitigation and Patch Steps

Update the Responsive Lightbox & Gallery plugin to the latest version; the fix shipped in the first release after 2.5.3. If updating is not immediately possible, deactivate the plugin until the update can be applied. Because exploitation requires an Author-level account, also review which users hold the Author role or higher and remove or downgrade accounts that do not need it. Restricting outbound connections from the web server to internal networks and cloud metadata endpoints (egress filtering) limits what this or any other SSRF in a plugin can reach.

About the Author

Cybersecurity specialist and founder of Gowri Shankar Infosec, a professional blog dedicated to sharing actionable insights on cybersecurity, data protection, server administration, and compliance frameworks including SOC 2, PCI DSS, and GDPR.
