Overview
A critical vulnerability, identified as CVE-2025-13065, has been discovered in the Starter Templates plugin for WordPress. This vulnerability affects all versions up to and including 4.4.41. It allows authenticated attackers with author-level access or higher to upload arbitrary files to the affected server, potentially leading to remote code execution.
Technical Details
The vulnerability stems from insufficient file type validation when the plugin processes WXR files during the template import. The plugin does not properly sanitize the filename when deciding whether an upload is a WXR file: the check considers only the trailing extension, so a file with a double extension (e.g., malicious.php.wxr) passes the WXR check. A web server that maps the .php extension to its PHP handler even when it is not the last extension will then treat the file according to that earlier extension (.php in this example) and may execute it as PHP.
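The following is an added example, not code from the Starter Templates plugin or from WordPress. It contrasts a weak WXR check that looks only at the trailing extension with a stricter one that validates the whole filename and the file's content, and shows storing the upload under a server-chosen name. The function names, the regular expression and the sample WXR document are assumptions made for this illustration.

```php
<?php
// Added example (not the plugin's code): weak vs. strict WXR validation.

// Weak check: only the last extension is examined, so a double-extension
// name such as "shell.php.wxr" is accepted as a WXR file.
function is_wxr_weak(string $filename): bool
{
    return strtolower(pathinfo($filename, PATHINFO_EXTENSION)) === 'wxr';
}

// Strict check: no path components, exactly one extension, no dotfiles,
// and the content must parse as an RSS document that declares the wp:
// namespace used by WordPress exports.
function is_wxr_strict(string $filename, string $contents): bool
{
    $base = basename($filename);
    // Rejects "shell.php.wxr", "a.wxr.php", "../x.wxr" and ".wxr".
    if ($base !== $filename || !preg_match('/^[A-Za-z0-9_-]+\.wxr$/i', $base)) {
        return false;
    }
    $prev = libxml_use_internal_errors(true);
    // LIBXML_NONET keeps the parser from fetching anything over the network.
    $doc  = simplexml_load_string($contents, 'SimpleXMLElement', LIBXML_NONET);
    libxml_use_internal_errors($prev);
    if ($doc === false || $doc->getName() !== 'rss') {
        return false;
    }
    $ns = $doc->getNamespaces(true);
    return isset($ns['wp']) && str_starts_with($ns['wp'], 'http://wordpress.org/export/');
}

// Never keep the client-supplied name on disk: a random server-side name
// guarantees the stored file can only ever end in ".wxr".
function safe_import_name(): string
{
    return bin2hex(random_bytes(16)) . '.wxr';
}

// Constructed minimal WXR document for the demo.
$sample_wxr = <<<XML
<?xml version="1.0" encoding="UTF-8"?>
<rss version="2.0" xmlns:wp="http://wordpress.org/export/1.2/">
  <channel><title>Demo</title><wp:wxr_version>1.2</wp:wxr_version></channel>
</rss>
XML;

// Constructed non-XML content posing as an export.
$not_an_export = "<?php /* constructed */ ?>";

var_dump(is_wxr_weak('shell.php.wxr'));                 // weak check, double extension
var_dump(is_wxr_strict('shell.php.wxr', $sample_wxr));  // strict check, same name
var_dump(is_wxr_strict('export.wxr', $not_an_export));  // good name, bad content
var_dump(is_wxr_strict('export.wxr', $sample_wxr));     // good name, good content
echo safe_import_name(), PHP_EOL;
```

The weak check accepts the double-extension name while the strict check rejects it, and the strict check also rejects a correctly named upload whose body is not a WXR document. The design point is that an extension check alone is not a file type check: the name, the content, and the name the file is finally stored under each need to be controlled by the server, not the uploader.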
CVSS Analysis
- CVE ID: CVE-2025-13065
- Severity: HIGH
- CVSS Score: 8.8
A CVSS score of 8.8 indicates a high-severity vulnerability: an authenticated user with author-level access can upload arbitrary files and potentially achieve remote code execution, making this a significant threat to affected WordPress websites.
Possible Impact
Successful exploitation of this vulnerability could have severe consequences, including:
- Remote Code Execution (RCE): Attackers can execute arbitrary code on the server, potentially gaining complete control of the website.
- Website Defacement: Attackers can modify website content, redirect users, or inject malicious code.
- Data Theft: Attackers can steal sensitive data, including user credentials, database information, and financial data.
- Backdoor Installation: Attackers can install backdoors to maintain persistent access to the compromised server.
Mitigation or Patch Steps
The vulnerability has been addressed in version 4.4.42 of the Starter Templates plugin. It is imperative to take the following steps immediately:
- Update the Plugin: Update the Starter Templates plugin to version 4.4.42 or later through the WordPress admin dashboard.
- Review User Roles: Restrict author-level access to only trusted users.
- Monitor for Suspicious Activity: Monitor server logs for any unusual file uploads or code execution attempts.
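To make the monitoring step concrete, here is an added example, not code from the plugin or from WordPress, of two checks an administrator can run after updating: one walks an uploads directory looking for the double-extension pattern described above (or PHP code hiding under a non-PHP name), the other scans access-log lines for requests that execute a .php path under wp-content/uploads. The directory layout, the log format (Apache/nginx combined style) and the sample log lines are constructed for the demo.

```php
<?php
// Added example (not the plugin's code): post-update hunting for the
// double-extension upload pattern.

// 1) Flag files whose name carries a PHP-style extension anywhere in it,
//    or whose content opens with a PHP tag although the name says otherwise.
function find_suspicious_uploads(string $dir): array
{
    $hits = [];
    $it = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator($dir, FilesystemIterator::SKIP_DOTS)
    );
    foreach ($it as $file) {
        if (!$file->isFile()) {
            continue;
        }
        $path = $file->getPathname();
        if (preg_match('/\.(php\d?|phtml|phar)(\.|$)/i', $file->getFilename())) {
            $hits[$path] = 'php extension in name';
            continue;
        }
        // Only the first 256 bytes are needed to spot an open tag.
        $head = (string) file_get_contents($path, false, null, 0, 256);
        if (stripos($head, '<?php') !== false) {
            $hits[$path] = 'php open tag in non-php file';
        }
    }
    ksort($hits);
    return $hits;
}

// 2) Legitimate traffic never executes PHP under the uploads directory;
//    return every such request path found in the given log lines.
function find_upload_php_requests(array $lines): array
{
    $out = [];
    foreach ($lines as $line) {
        if (preg_match('#"(?:GET|POST) (/wp-content/uploads/\S*\.php\d?\b\S*) HTTP#i', $line, $m)) {
            $out[] = $m[1];
        }
    }
    return $out;
}

// Demo on a constructed temporary tree and constructed log lines.
$root = sys_get_temp_dir() . '/uploads-demo-' . bin2hex(random_bytes(4));
mkdir("$root/2025/11", 0700, true);
file_put_contents("$root/2025/11/export.wxr", "<rss/>");
file_put_contents("$root/2025/11/shell.php.wxr", "<?php /* constructed */ ?>");
file_put_contents("$root/2025/11/image.jpg", "<?php /* constructed */ ?>");

$log_lines = [
    '203.0.113.5 - - [20/Nov/2025:10:00:01 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 51',
    '203.0.113.5 - - [20/Nov/2025:10:00:02 +0000] "GET /wp-content/uploads/2025/11/shell.php.wxr HTTP/1.1" 200 13',
    '198.51.100.7 - - [20/Nov/2025:10:00:03 +0000] "GET /wp-content/uploads/2025/11/photo.jpg HTTP/1.1" 200 8812',
];

print_r(find_suspicious_uploads($root));
print_r(find_upload_php_requests($log_lines));
```

Run it with `php` against the real uploads path and log file instead of the constructed ones. A hit from either function is worth investigating rather than just deleting: the request source, the timestamp and the author account active at that time are the starting points for working out whether the vulnerability was exploited before the update.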