CVE-2024-25909

9.9 CRITICAL

📋 TL;DR

This vulnerability allows attackers to upload arbitrary files, including malicious scripts, to WordPress sites using the WP Media Folder plugin. It affects all versions up to 5.7.2, enabling even low-privileged users like subscribers to potentially execute remote code and take over the site.

💻 Affected Systems

Products:
  • WordPress WP Media Folder plugin
Versions: All versions up to and including 5.7.2
Operating Systems: Any OS running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Affects WordPress installations with the plugin enabled; no special configuration required.

📦 What is this software?

⚠️ Risk & Real-World Impact

🔴 Worst Case: Full site compromise via remote code execution, leading to data theft, defacement, or malware distribution.

🟠 Likely Case: Unauthorized file uploads resulting in backdoor installation, privilege escalation, or denial of service.

🟢 If Mitigated: Limited impact if file uploads are restricted or monitored, but risk remains due to the vulnerability's nature.

🌐 Internet-Facing: HIGH, as WordPress sites are typically internet-facing, making them easily accessible to attackers.
🏢 Internal Only: MEDIUM, as internal users could exploit it, but external exposure increases overall risk.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires subscriber-level access or higher; public proof-of-concept details are available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Version 5.7.3 or later

Vendor Advisory: https://patchstack.com/database/vulnerability/wp-media-folder/wordpress-wp-media-folder-plugin-5-7-2-subscriber-arbitrary-file-upload-vulnerability?_s_id=cve

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find WP Media Folder and update to version 5.7.3 or higher.
4. Verify the update completes successfully.

🔧 Temporary Workarounds

Disable plugin (platform: all)

Temporarily deactivate the WP Media Folder plugin to prevent exploitation:

wp plugin deactivate wp-media-folder

Restrict file uploads (platform: linux)

Use server-side rules to block web access to dangerous file types (e.g., .php, .exe) in the uploads directory. Add the following to wp-content/uploads/.htaccess, not to the site root, where it would also block WordPress's own index.php and wp-admin scripts. On Apache 2.4 without mod_access_compat, replace "Deny from all" with "Require all denied", and extend the pattern with any other extensions your PHP handler executes (e.g., .phtml, .phar). This denies requests for scripts already on disk; it does not stop the upload itself, so treat it as containment rather than a fix.

<FilesMatch "\.(php|exe|sh)$">
  Deny from all
</FilesMatch>

🧯 If You Can't Patch

  • Remove subscriber and lower-level user roles if not needed to reduce attack surface.
  • Implement web application firewall (WAF) rules to block suspicious file upload attempts.

🔍 How to Verify

Check if Vulnerable:

Check the plugin version in WordPress admin under Plugins > Installed Plugins; if version is 5.7.2 or lower, it is vulnerable.

Check Version:

wp plugin get wp-media-folder --field=version

Verify Fix Applied:

After updating, confirm the plugin version is 5.7.3 or higher in the same location.
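As an added example (not part of the advisory or the plugin's own tooling), the following POSIX shell script turns the update-and-verify procedure on this page into a repeatable check. It compares an installed version against the affected range (up to and including 5.7.2, fixed in 5.7.3, both from the advisory) without relying on sort -V, and the check_site function wires that comparison to the WP-CLI command shown above, updating the plugin when it is affected. The plugin slug wp-media-folder is taken from the page's own commands; WP-CLI being installed and the script being run from the WordPress root are assumptions.

```shell
#!/bin/sh
# Added example, not from the advisory: classify an installed WP Media Folder
# version against the affected range (all versions up to and including 5.7.2;
# fixed in 5.7.3, both from the advisory), then optionally update and re-check
# with WP-CLI. The plugin slug wp-media-folder is taken from the advisory's commands.
FIXED_VERSION="5.7.3"

# version_lt A B -> exit 0 when dotted version A is older than B.
# Pure POSIX sh so it does not depend on "sort -V"; non-numeric suffixes such as
# "-beta" are ignored per component (assumption: plain dotted numeric versions).
version_lt() {
  a="$1"; b="$2"
  while [ -n "$a" ] || [ -n "$b" ]; do
    ac=${a%%.*}; bc=${b%%.*}
    case "$ac" in *[!0-9]*) ac=${ac%%[!0-9]*} ;; esac
    case "$bc" in *[!0-9]*) bc=${bc%%[!0-9]*} ;; esac
    ac=${ac:-0}; bc=${bc:-0}
    if [ "$ac" -lt "$bc" ]; then return 0; fi
    if [ "$ac" -gt "$bc" ]; then return 1; fi
    case "$a" in *.*) a=${a#*.} ;; *) a="" ;; esac
    case "$b" in *.*) b=${b#*.} ;; *) b="" ;; esac
  done
  return 1   # versions are equal
}

# is_vulnerable VERSION -> exit 0 when VERSION is in the affected range (< 5.7.3).
is_vulnerable() {
  version_lt "$1" "$FIXED_VERSION"
}

# classify VERSION -> prints "vulnerable" or "fixed" for reporting.
classify() {
  if is_vulnerable "$1"; then echo "vulnerable"; else echo "fixed"; fi
}

# check_site -> reads the live version with WP-CLI (command from the advisory)
# and, if affected, updates the plugin and verifies the new version. Run from
# the WordPress root as the web user. Needs a live site, so it is not part of
# the offline checks. Exit codes: 0 fixed, 1 still affected, 2 WP-CLI failure,
# 3 update failure.
check_site() {
  installed=$(wp plugin get wp-media-folder --field=version) || return 2
  echo "installed: $installed ($(classify "$installed"))"
  if is_vulnerable "$installed"; then
    wp plugin update wp-media-folder || return 3
    updated=$(wp plugin get wp-media-folder --field=version) || return 2
    echo "after update: $updated ($(classify "$updated"))"
    is_vulnerable "$updated" && return 1
  fi
  return 0
}
```

Run it on a fleet of sites from a cron job or configuration-management hook and alert on any non-zero exit from check_site; the version comparison is deliberately strict (5.7 and 5.7.2 are both reported as vulnerable, 5.7.3 and 5.7.10 as fixed).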

📡 Detection & Monitoring

Log Indicators:

  • Unusual file uploads to wp-content/uploads/ or similar directories, especially from low-privileged users.

Network Indicators:

  • HTTP POST requests to upload endpoints with suspicious file extensions.

SIEM Query:

source="wordpress.log" AND (event="file_upload" AND file_extension IN ("php", "exe", "sh"))
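The indicators above can be turned into concrete checks. The following shell script is an added example, not from the advisory or any vendor tool: it filters Apache combined-format access log lines for requests that fetch a script file from under wp-content/uploads/ (a directory that should only ever serve media), and lists script files already on disk in the uploads tree. The log lines are constructed for the example using RFC 5737 documentation addresses; the combined log format and the default uploads path are assumptions.

```shell
#!/bin/sh
# Added example, not from the advisory: defender-side checks for the two
# indicators the advisory lists (requests for uploads paths with script
# extensions, and script files landing under wp-content/uploads/).
# The log lines below are constructed for this example, not captured traffic.

# find_script_requests < access.log -> prints lines whose request path names a
# script (.php/.phtml/.sh/.exe) under /wp-content/uploads/. That directory should
# only serve media, so any hit is worth triage regardless of the status code.
find_script_requests() {
  # Apache combined log: field 6 is "METHOD, field 7 is the request path
  awk '$7 ~ /\/wp-content\/uploads\/.*\.(php|phtml|sh|exe)([?]|$)/ { print }'
}

# count_script_requests < access.log -> number of matching lines (for a cron alert)
count_script_requests() {
  find_script_requests | wc -l | tr -d ' '
}

# find_script_files UPLOADS_DIR -> lists files with script extensions anywhere in
# the uploads tree; compare against a baseline or alert on any output at all.
find_script_files() {
  find "$1" -type f \( -name '*.php' -o -name '*.phtml' -o -name '*.sh' -o -name '*.exe' \)
}

# Constructed sample (RFC 5737 documentation addresses): one normal image request,
# one ordinary admin-ajax POST, and one request for a PHP file inside uploads.
SAMPLE_LOG='203.0.113.5 - - [10/Feb/2024:12:00:01 +0000] "GET /wp-content/uploads/2024/02/photo.jpg HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Feb/2024:12:00:05 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 311 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Feb/2024:12:00:09 +0000] "GET /wp-content/uploads/2024/02/cache.php HTTP/1.1" 200 88 "-" "curl/8.4.0"'

# Stand-alone run: report matches from the constructed log.
echo "suspicious requests: $(printf '%s\n' "$SAMPLE_LOG" | count_script_requests)"
printf '%s\n' "$SAMPLE_LOG" | find_script_requests
```

In production, pipe the real access log into find_script_requests (for example from a logrotate or cron hook) and run find_script_files against the site's wp-content/uploads directory; a 200 response for a .php path under uploads means the web server is executing uploaded content, which is the condition the .htaccess workaround above is meant to prevent.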
