Cybersecurity Vulnerabilities

Urgent Security Alert: Critical Vulnerability in CIBELES AI WordPress Plugin (CVE-2025-13595)

November 26, 2025 - By 

Overview

A critical vulnerability, identified as CVE-2025-13595, has been discovered in the CIBELES AI WordPress plugin. This vulnerability allows unauthenticated attackers to upload arbitrary files, potentially leading to remote code execution. All versions of the plugin up to and including 1.10.8 are affected. It is imperative to update to the latest version or remove the plugin immediately.

Technical Details

The vulnerability stems from a missing capability check in the actualizador_git.php file within the CIBELES AI plugin. Specifically, the file fails to verify user permissions before allowing the download of arbitrary GitHub repositories and overwriting existing plugin files. This weakness enables an unauthenticated attacker to manipulate the plugin’s code, potentially executing arbitrary code on the server.

The vulnerable code can be found in actualizador_git.php before the patch.

CVSS Analysis

  • CVE ID: CVE-2025-13595
  • Severity: CRITICAL
  • CVSS Score: 9.8

A CVSS score of 9.8 signifies a critical severity. This indicates a high probability of successful exploitation and a significant impact on the affected system.

Possible Impact

The successful exploitation of this vulnerability can have severe consequences, including:

  • Remote Code Execution (RCE): Attackers can execute arbitrary code on the web server, gaining complete control of the website.
  • Website Defacement: Attackers can modify the website’s content.
  • Data Theft: Attackers can steal sensitive data stored on the server.
  • Malware Distribution: Attackers can use the compromised website to distribute malware.
  • Backdoor Installation: Attackers can install backdoors for persistent access to the server.

Mitigation or Patch Steps

The recommended mitigation steps are:

  1. Update the Plugin: Immediately update the CIBELES AI plugin to the latest available version. The fix has been implemented in a version released after 1.10.8.
  2. Remove the Plugin: If an update is not immediately possible, remove the plugin entirely from your WordPress installation.
  3. Monitor Your Website: Keep a close watch on your website for any signs of compromise.

The changeset containing the fix can be viewed on the WordPress Plugin Repository: Plugin Changeset.

References

GitHub Exploit POC
Vulnerable Code Location
Plugin Patch Commit
Ryan Kozak’s Blog Post
Wordfence Threat Intelligence Report

Cybersecurity specialist and founder of Gowri Shankar Infosec - a professional blog dedicated to sharing actionable insights on cybersecurity, data protection, server administration, and compliance frameworks including SOC 2, PCI DSS, and GDPR.

Related Posts

CVE-2025-61932 Critical Remote Code Execution Vulnerability in LANSCOPE Endpoint Manager

CVE-2025-61932: Critical Remote Code Execution Vulnerability in LANSCOPE Endpoint Manager

October 23, 2025

Leave a Reply

Your email address will not be published. Required fields are marked *