CVE-2025-0764

6.5 MEDIUM

📋 TL;DR

The wpForo Forum WordPress plugin contains an arbitrary file read vulnerability: an authenticated user with Subscriber-level access or higher can read any file on the server that the web server (PHP) process is able to read, including files outside the web root. All versions up to and including 2.4.1 are affected. Because wp-config.php must be readable by PHP, the database credentials and authentication keys/salts it holds are within reach, along with any other secrets readable by the web server user.

💻 Affected Systems

Products:
  • wpForo Forum WordPress plugin
Versions: All versions up to and including 2.4.1
Operating Systems: All
Default Config Vulnerable: ⚠️ Yes
Notes: Requires a logged-in account with at least the Subscriber role. Sites with open registration (common for forums, and often enabled alongside wpForo) let anyone obtain such an account. WordPress multisite installations are also affected.

⚠️ Risk & Real-World Impact

🔴

Worst Case

An attacker reads wp-config.php (database credentials, authentication keys and salts) and uses them to create an administrator account or forge authentication cookies, taking over the site. Other secrets readable by the web server user (.env files, other applications' configuration, backups, and on carelessly configured hosts private SSH keys) extend the compromise to the underlying server or to neighbouring systems.

🟠

Likely Case

An attacker registers (or uses an existing) low-privilege account, reads wp-config.php to obtain the database credentials, and escalates to full control of the WordPress site. Reading system files such as /etc/passwd is typical reconnaissance along the way.

🟢

If Mitigated

Once the plugin is updated or deactivated, or registration is closed and the existing accounts are trusted, the vulnerable code path is unreachable. File permissions only help for files the web server user does not need: wp-config.php must stay readable by PHP and therefore remains exposed for as long as the bug is present.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access but is technically simple. Public proof-of-concept code is available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.4.2

Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3245711/wpforo

Restart Required: No

Instructions:

1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find wpForo Forum and click 'Update Now'.
4. Verify the installed version is 2.4.2 or higher.

🔧 Temporary Workarounds

Disable wpForo plugin

all

Temporarily disable the vulnerable plugin until patching is possible

wp plugin deactivate wpforo

Restrict user registration

all

Prevent new accounts from being created so attackers cannot self-register a Subscriber account. This does not remove accounts that already exist, so also review existing low-privilege users.

wp option update users_can_register 0

🧯 If You Can't Patch

  • Close open registration (see the workaround above) and audit existing Subscriber-level accounts; the bug is only reachable by logged-in users
  • Put a WAF rule in front of the site that rejects requests to wpForo endpoints (and to admin-ajax.php with a wpforo action) containing path traversal sequences (../, ..%2f, %2e%2e) or sensitive file names (wp-config.php, /etc/passwd). This is a stop-gap, not a fix: encoding tricks can bypass it
  • Keep secrets the site does not need out of the web server user's reach (SSH keys, other applications' configuration, backups). Restrictive modes such as 400/600 on wp-config.php do not block this bug, because the file must remain readable by the PHP process the plugin runs as
  • Monitor web server logs for the indicators listed under Detection & Monitoring

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel → Plugins → wpForo Forum version. If version is 2.4.1 or lower, system is vulnerable.

Check Version:

wp plugin get wpforo --field=version

Verify Fix Applied:

After updating, verify wpForo version is 2.4.2 or higher in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

  • Requests in the web server access log to wpForo endpoints, or to wp-admin/admin-ajax.php with a wpforo action, whose parameters contain path traversal sequences (../, ..%2f, %2e%2e%2f) or absolute paths to sensitive files (wp-config.php, /etc/passwd, .env). Parameters sent in POST bodies are not in the access log; a WAF or mod_security log is needed for those
  • A freshly registered or long-dormant Subscriber account issuing such requests shortly after login, often from a scripted client such as curl or python-requests

Network Indicators:

  • HTTP requests to wpForo endpoints with file path parameters, especially a single source cycling through many paths in quick succession
  • Unusually large responses from those endpoints, or responses carrying file contents (for example DB_PASSWORD or root:x:0:0), which only a WAF or reverse proxy that inspects response bodies will see

SIEM Query:

source="access.log" "wpforo" ("../" OR "..%2f" OR "%2e%2e" OR "wp-config.php" OR "/etc/passwd")

Splunk-style starting point over the web server access log; adjust the source and field names to your pipeline, and note that it will not see parameters sent in POST bodies.
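To make the indicators above concrete, here is an added Python example (not code from this page, the plugin or its vendor) that scans web server access log lines for wpForo-related requests carrying traversal sequences or sensitive file names. The log lines are constructed samples, and the `action=wpforo_example` / `file=` parameters in them are placeholders for illustration, not the actual parameter involved in CVE-2025-0764; the logic keys on the plugin name plus the path indicators, not on a specific endpoint.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines in combined log format.  The wpForo
# action name and the `file=` parameter are illustrative placeholders, not
# the specific parameter involved in CVE-2025-0764.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Feb/2025:10:01:12 +0000] "GET /forum/ HTTP/1.1" 200 5123 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Feb/2025:10:01:40 +0000] "GET /wp-admin/admin-ajax.php?action=wpforo_example&file=../../../../wp-config.php HTTP/1.1" 200 3044 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Feb/2025:10:02:03 +0000] "GET /wp-admin/admin-ajax.php?action=wpforo_example&file=..%252F..%252F..%252Fetc%252Fpasswd HTTP/1.1" 200 1822 "-" "curl/8.4.0"
198.51.100.9 - - [10/Feb/2025:10:02:30 +0000] "GET /wp-content/plugins/wpforo/assets/css/style.css HTTP/1.1" 200 9001 "-" "Mozilla/5.0"
192.0.2.44 - - [10/Feb/2025:10:03:11 +0000] "GET /wp-content/uploads/2025/02/image.png HTTP/1.1" 200 42011 "-" "Mozilla/5.0"
"""

# Combined log format: client IP, two ident/user fields, [timestamp],
# "METHOD target PROTO", status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
TRAVERSAL = re.compile(r'\.\.[/\\]')
SENSITIVE = re.compile(
    r'wp-config\.php|/etc/passwd|/etc/shadow|\.env\b|id_rsa|\.htpasswd', re.I)


def decode(s: str) -> str:
    """Percent-decode twice so double-encoded sequences (%252e%252e%252f)
    collapse to the same '../' that the single-encoded form does."""
    return unquote(unquote(s))


def is_wpforo_request(target: str) -> bool:
    """True if the request targets the plugin directly (/wp-content/plugins/wpforo/)
    or indirectly (admin-ajax.php?action=wpforo_...)."""
    return 'wpforo' in target.lower()


def classify(line: str):
    """Return a finding dict for a suspicious wpForo request, or None.
    Only the request line is inspected; POST bodies are not in access logs."""
    m = LOG_RE.match(line)
    if not m or not is_wpforo_request(m['target']):
        return None
    decoded = decode(m['target'])
    reasons = []
    if TRAVERSAL.search(decoded):
        reasons.append('path traversal')
    if SENSITIVE.search(decoded):
        reasons.append('sensitive file name')
    if not reasons:
        return None
    return {'ip': m['ip'], 'ts': m['ts'], 'status': m['status'],
            'target': m['target'], 'reasons': reasons}


def scan(log_text: str) -> list:
    """Scan a whole log and return findings in file order."""
    return [hit for hit in map(classify, log_text.splitlines()) if hit]


if __name__ == '__main__':
    for hit in scan(SAMPLE_LOG):
        print(f"{hit['ts']} {hit['ip']} HTTP {hit['status']} "
              f"[{', '.join(hit['reasons'])}] {hit['target']}")
```

On the sample above the scan flags the two admin-ajax requests (one plain, one double-encoded) and ignores the ordinary plugin asset fetch; a 200 status on a flagged line is the signal that the read probably succeeded. Feed it a real access log with `scan(open(path).read())`, and treat it as triage, not proof: a legitimate forum feature may pass a path-like value, and a WAF log is needed for parameters carried in POST bodies.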
