CVE-2025-13070

6.6 MEDIUM

📋 TL;DR

The CSV to SortTable WordPress plugin through version 4.2 contains a Local File Inclusion (LFI) vulnerability that allows authenticated users (including contributors) to read arbitrary files on the server. This occurs because the plugin fails to validate shortcode attributes before using them in file inclusion functions. Any WordPress site using vulnerable versions of this plugin is affected.

💻 Affected Systems

Products:
  • CSV to SortTable WordPress Plugin
Versions: All versions through 4.2
Operating Systems: All operating systems running WordPress
Default Config Vulnerable: ⚠️ Yes
Notes: Requires authenticated user access (contributor role or higher)

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).


Recommended Actions:
  1. Review the CVE details at NVD
  2. Check vendor security advisories for your specific version
  3. Test if the vulnerability is exploitable in your environment
  4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴 Worst Case

An attacker could read sensitive files like wp-config.php containing database credentials, potentially leading to full site compromise, data theft, or further server exploitation.

🟠 Likely Case

Authenticated users with contributor privileges could read sensitive configuration files, potentially escalating privileges or accessing sensitive data.

🟢 If Mitigated

With proper access controls and file permissions, impact would be limited to files readable by the web server user.

🌐 Internet-Facing: HIGH
🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ✅ No
Complexity: LOW

Exploitation requires authenticated access, but is straightforward once that access has been obtained.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 4.3 or later

Vendor Advisory: https://wpscan.com/vulnerability/deb52d69-d7f8-43a5-a709-1f543fd343c6/

Restart Required: No

Instructions:

1. Log into WordPress admin panel
2. Navigate to Plugins → Installed Plugins
3. Find CSV to SortTable plugin
4. Click 'Update Now' if update available
5. If no update available, deactivate and remove the plugin

🔧 Temporary Workarounds

Remove vulnerable plugin (platform: all)

Deactivate and delete the CSV to SortTable plugin if not essential

wp plugin deactivate csv-to-sorttable
wp plugin delete csv-to-sorttable

Restrict user roles (platform: all)

Limit contributor and author role creation to trusted users only

🧯 If You Can't Patch

  • Implement web application firewall (WAF) rules to block LFI patterns
  • Restrict file system permissions to limit what the web server user can read

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel → Plugins → Installed Plugins for CSV to SortTable version 4.2 or earlier

Check Version:

wp plugin get csv-to-sorttable --field=version

Verify Fix Applied:

Verify plugin version is 4.3 or later, or confirm plugin is removed
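The version check above can be automated across many sites by feeding the JSON form of the wp-cli plugin listing (`wp plugin list --format=json`) into a small classifier. The script below is an added example, not part of this advisory or of the plugin; it assumes the standard `name`, `status` and `version` fields that wp-cli emits, and the sample JSON is constructed for the demonstration. It reports "vulnerable" for any installed version below 4.3, "fixed" otherwise, and "absent" when the plugin has been removed, which are exactly the three outcomes the verification step distinguishes.

```python
import json

PLUGIN_SLUG = "csv-to-sorttable"   # slug used in the advisory's wp-cli commands
FIXED_VERSION = (4, 3)             # first fixed release named in the advisory


def parse_version(version: str):
    """Turn '4.2', '4.2.1' or '4.3-beta' into a tuple of integers for comparison.

    Comparing tuples instead of strings avoids '4.10' < '4.3' mistakes."""
    parts = []
    for piece in version.split("."):
        digits = "".join(ch for ch in piece if ch.isdigit())
        parts.append(int(digits) if digits else 0)
    return tuple(parts)


def assess(plugin_list_json: str):
    """Classify a site from the output of `wp plugin list --format=json`.

    Returns ('absent', None, None) when the plugin is not installed at all,
    otherwise ('vulnerable' | 'fixed', version, status)."""
    for plugin in json.loads(plugin_list_json):
        if plugin.get("name") != PLUGIN_SLUG:
            continue
        version = plugin.get("version", "0")
        state = "vulnerable" if parse_version(version) < FIXED_VERSION else "fixed"
        return (state, version, plugin.get("status"))
    return ("absent", None, None)


# Constructed sample listings (not output from a real site).
SAMPLE_VULNERABLE = json.dumps([
    {"name": "akismet", "status": "active", "version": "5.3"},
    {"name": PLUGIN_SLUG, "status": "active", "version": "4.2"},
])
SAMPLE_FIXED = json.dumps([
    {"name": PLUGIN_SLUG, "status": "active", "version": "4.3"},
])

if __name__ == "__main__":
    # Typical use: wp plugin list --format=json | python3 check_sorttable.py
    import sys
    data = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_VULNERABLE
    state, version, status = assess(data)
    print(f"{PLUGIN_SLUG}: {state} (version={version}, status={status})")
```

Note that an installed-but-inactive copy still reports "vulnerable": the files remain on disk until the plugin is deleted, which is why the advisory's workaround deactivates and then deletes it.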

📡 Detection & Monitoring

Log Indicators:

  • Unusual file access patterns in web server logs
  • Multiple requests with suspicious shortcode parameters

Network Indicators:

  • HTTP requests containing file path traversal patterns in shortcode attributes

SIEM Query:

source="web_server_logs" AND (uri="*wp-content/plugins/csv-to-sorttable/*" AND (param="*../*" OR param="*..\\*"))
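The SIEM query above looks for `../` or `..\` in request parameters under the plugin path. The script below is an added example, not part of this advisory, that applies the same logic to raw access-log lines so it can be run where no SIEM is available. It parses the common "combined" log format, percent-decodes parameters repeatedly so that double-encoded traversal sequences (`%252e%252e%252f`) are not missed, and scopes the check to the plugin path exactly as the query does. The parameter name `csv` and all log lines are constructed for the demonstration and are not the plugin's real shortcode attributes. One caveat for practitioners: shortcode attributes edited through the post editor travel in the POST body, which standard access logs do not record, so this check only covers traversal input that appears in the request line.

```python
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# Plugin path from the advisory's SIEM query.
PLUGIN_PATH = "/wp-content/plugins/csv-to-sorttable/"

# Apache/nginx "combined" access-log format.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) (?P<proto>[^"]*)" '
    r'(?P<status>\d{3}) (?P<size>\S+)'
)

# "../" or "..\" after decoding: the two patterns named in the SIEM query.
TRAVERSAL_RE = re.compile(r"\.\.[/\\]")


def decode_fully(value: str, max_rounds: int = 3) -> str:
    """Undo repeated percent-encoding (%252e -> %2e -> .), bounded to avoid loops."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def parse_line(line: str):
    """Return the fields of one combined-format log line, or None if it does not parse."""
    match = LOG_RE.match(line)
    return match.groupdict() if match else None


def traversal_hits(target: str):
    """Return (where, raw_value) pairs for traversal sequences in a request target
    under the plugin path; None when the request is out of scope or clean."""
    parts = urlsplit(target)
    path = decode_fully(parts.path)
    if PLUGIN_PATH not in path:
        return None
    hits = []
    if TRAVERSAL_RE.search(path):
        hits.append(("path", parts.path))
    # parse_qsl decodes one layer; decode_fully handles any further layers.
    for key, raw in parse_qsl(parts.query, keep_blank_values=True):
        if TRAVERSAL_RE.search(decode_fully(raw)):
            hits.append((key, raw))
    return hits or None


def scan_log(lines):
    """Scan log lines and return one finding per request carrying traversal input."""
    findings = []
    for line in lines:
        entry = parse_line(line)
        if entry is None:
            continue
        hits = traversal_hits(entry["target"])
        if hits:
            findings.append({"ip": entry["ip"], "ts": entry["ts"],
                             "status": entry["status"], "target": entry["target"],
                             "hits": hits})
    return findings


# Constructed sample log lines (not captured traffic); 'csv' is an illustrative parameter name.
SAMPLE_LOG = [
    '203.0.113.10 - - [12/Nov/2025:10:01:02 +0000] "GET /wp-content/plugins/csv-to-sorttable/css/style.css HTTP/1.1" 200 1234',
    '203.0.113.10 - alice [12/Nov/2025:10:01:05 +0000] "GET /wp-content/plugins/csv-to-sorttable/?csv=..%2F..%2Fsome-file.txt HTTP/1.1" 200 512',
    '198.51.100.7 - bob [12/Nov/2025:10:02:11 +0000] "GET /wp-content/plugins/csv-to-sorttable/?csv=%252e%252e%255csome-file.txt HTTP/1.1" 200 498',
    '198.51.100.7 - - [12/Nov/2025:10:03:00 +0000] "GET /wp-admin/admin-ajax.php?q=../x HTTP/1.1" 200 40',
    'this line is not an access-log entry',
]

if __name__ == "__main__":
    for finding in scan_log(SAMPLE_LOG):
        print(f"{finding['ts']} {finding['ip']} {finding['target']} -> {finding['hits']}")
```

The fourth sample line contains a traversal sequence but targets a different path, so it is deliberately not reported; widening `PLUGIN_PATH` to `/wp-content/plugins/` turns this into a generic traversal monitor at the cost of more noise. Pair findings with the authenticated username in the log (the third field) to tie them back to the contributor-level accounts the advisory identifies as the exploitation prerequisite.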
