CVE-2025-12089
📋 TL;DR
The Data Tables Generator by Supsystic WordPress plugin contains a path traversal vulnerability in its cleanCache() function that allows authenticated attackers with Administrator privileges to delete arbitrary files on the server. This affects all versions up to and including 1.10.45. Successful exploitation can lead to remote code execution by deleting critical files like wp-config.php.
💻 Affected Systems
- Data Tables Generator by Supsystic WordPress Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete site compromise through remote code execution, data loss, and potential server takeover by deleting critical system files.
Likely Case
Website defacement, data loss, and service disruption through deletion of WordPress core files or configuration files.
If Mitigated
Limited impact if proper access controls and file permissions are in place, though file deletion could still occur.
🎯 Exploit Status
Exploitation requires authenticated Administrator access. The vulnerability is straightforward to exploit once access is obtained.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.10.46 and later
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find 'Data Tables Generator by Supsystic'. 4. Click 'Update Now' if update is available. 5. Alternatively, download version 1.10.46+ from WordPress repository and manually update.
🔧 Temporary Workarounds
Disable or Remove Plugin
allTemporarily disable or remove the vulnerable plugin until patched.
wp plugin deactivate data-tables-generator-by-supsystic
wp plugin delete data-tables-generator-by-supsystic
Restrict Administrator Access
allImplement strict access controls and review Administrator accounts.
🧯 If You Can't Patch
- Remove Administrator access from untrusted users and implement principle of least privilege.
- Implement file integrity monitoring to detect unauthorized file deletions.
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel → Plugins → Data Tables Generator by Supsystic → Version number. If version is 1.10.45 or lower, you are vulnerable.Check Version:
wp plugin get data-tables-generator-by-supsystic --field=versionVerify Fix Applied:
Verify plugin version is 1.10.46 or higher in WordPress admin panel.📡 Detection & Monitoring
Log Indicators:
- Unusual file deletion events in web server logs
- Administrator account logins from unexpected locations
- POST requests to plugin cache cleanup endpoints
Network Indicators:
- HTTP requests to /wp-admin/admin-ajax.php with action parameters related to cache cleanup
SIEM Query:
source="web_server_logs" AND (uri_path="/wp-admin/admin-ajax.php" AND action="*cache*" AND status=200)🔗 References
- https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&old=3394112%40data-tables-generator-by-supsystic&new=3394112%40data-tables-generator-by-supsystic&sfp_email=&sfph_mail=
- https://www.wordfence.com/threat-intel/vulnerabilities/id/15e671e5-a9a6-4439-93cc-8d46fe0cde16?source=cve
