CVE-2025-0180
📋 TL;DR
The WP Foodbakery WordPress plugin has a privilege escalation vulnerability that allows unauthenticated attackers to register as administrators. This affects all versions up to and including 3.3. Any WordPress site using this vulnerable plugin is at risk.
💻 Affected Systems
- WP Foodbakery WordPress Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete site takeover where attackers gain administrative access, install backdoors, steal data, deface the site, or use it for further attacks.
Likely Case
Attackers create administrator accounts to gain persistent access, potentially leading to data theft, malware installation, or site compromise.
If Mitigated
With proper controls like WAF rules and monitoring, attacks may be blocked or detected before significant damage occurs.
🎯 Exploit Status
Exploitation is straightforward and requires minimal technical skill. Public proof-of-concept code exists.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version 3.4 or later
Vendor Advisory: https://themeforest.net/item/food-bakery-restaurant-bakery-responsive-wordpress-theme/18970331
Restart Required: No
Instructions:
1. Update the WP Foodbakery plugin to version 3.4 or later via the WordPress admin panel.
2. Verify the update completed successfully.
3. Test user registration functionality.
🔧 Temporary Workarounds
Disable User Registration
Temporarily disable user registration in WordPress settings to prevent exploitation.
Web Application Firewall Rule
Add WAF rules to block suspicious user registration requests targeting the vulnerable endpoint.
🧯 If You Can't Patch
- Immediately disable the WP Foodbakery plugin if patching is not possible.
- Implement strict monitoring for unauthorized administrator account creation and suspicious user registration activity.
🔍 How to Verify
Check if Vulnerable:
Check the plugin version in the WordPress admin panel under Plugins. If the version is 3.3 or lower, the site is vulnerable.
Check Version:
wp plugin list --name=foodbakery --field=version
Verify Fix Applied:
After updating, confirm the plugin version shows 3.4 or higher in the WordPress admin panel.
📡 Detection & Monitoring
Log Indicators:
- Multiple user registration attempts from a single IP
- User registration with the administrator role or unusual metadata
- New administrator accounts created via registration form
Network Indicators:
- HTTP POST requests to user registration endpoints with modified role parameters
- Unusual traffic patterns to registration pages
SIEM Query:
source="wordpress.log" AND ((event="user_registration" AND role="administrator") OR (event="user_created" AND user_role="administrator"))
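The log indicators and SIEM query above, implemented as an added Python example (not part of this advisory): it flags any registration event that yields an administrator role and any burst of registration attempts from one IP. It assumes constructed key="value" log lines carrying the SIEM query's fields (event, role or user_role) plus ts, ip and user; real WordPress logging formats vary by setup.

```python
import re
from collections import defaultdict
from datetime import datetime, timedelta

LINE_RE = re.compile(r'(\w+)="([^"]*)"')
ADMIN_ROLE = "administrator"
REGISTRATION_EVENTS = {"user_registration", "user_created"}

def parse_line(line):
    """Turn one key="value" log line into a dict (constructed format, see lead-in)."""
    return dict(LINE_RE.findall(line))

def detect(lines, burst_threshold=5, window=timedelta(minutes=10)):
    """Return (indicator, detail) alerts for the two log indicators above:
    admin_via_registration: a registration event whose role is administrator;
    registration_burst: burst_threshold attempts from one IP inside a sliding window.
    """
    alerts = []
    attempts = defaultdict(list)  # source IP -> timestamps of recent attempts
    for line in lines:
        ev = parse_line(line)
        if ev.get("event") not in REGISTRATION_EVENTS:
            continue
        ts = datetime.fromisoformat(ev["ts"])
        ip = ev.get("ip", "unknown")
        role = ev.get("role") or ev.get("user_role")
        if role == ADMIN_ROLE:
            alerts.append(("admin_via_registration",
                           f"ip={ip} user={ev.get('user')} ts={ev['ts']}"))
        # Keep only this IP's attempts that fall inside the window, then count them.
        attempts[ip] = [t for t in attempts[ip] + [ts] if ts - t <= window]
        if len(attempts[ip]) == burst_threshold:  # fire once, when the threshold is hit
            alerts.append(("registration_burst",
                           f"ip={ip} {burst_threshold} attempts within {window}"))
    return alerts

# Constructed sample log, not real traffic: a normal subscriber signup, one
# registration that lands an administrator role, and a burst from a single IP.
SAMPLE_LOG = [
    'ts="2025-01-10T09:00:00" event="user_registration" ip="203.0.113.5" user="alice" role="subscriber"',
    'ts="2025-01-10T09:01:00" event="user_created" ip="198.51.100.7" user="wpadm" user_role="administrator"',
] + [
    f'ts="2025-01-10T09:0{i}:30" event="user_registration" ip="198.51.100.9" user="u{i}" role="subscriber"'
    for i in range(5)
]
```

Running detect(SAMPLE_LOG) yields one admin_via_registration alert for 198.51.100.7 and one registration_burst alert for 198.51.100.9.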