CVE-2025-13322
📋 TL;DR
The WP AUDIO GALLERY WordPress plugin allows authenticated attackers with subscriber-level access or higher to delete arbitrary files on the server due to insufficient file path validation. This vulnerability affects all versions up to and including 2.0 and can lead to remote code execution by deleting critical files like wp-config.php.
💻 Affected Systems
- WP AUDIO GALLERY WordPress plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete site compromise through remote code execution by deleting wp-config.php or other critical files, leading to data loss, defacement, or server takeover.
Likely Case
Site disruption or data loss through deletion of important files, potentially causing downtime or content loss.
If Mitigated
Limited impact if proper file permissions and access controls prevent deletion of critical system files.
🎯 Exploit Status
Exploitation requires authenticated access but is straightforward once credentials are obtained. The vulnerability is well-documented with code references available.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.0.1 or later
Vendor Advisory: https://plugins.trac.wordpress.org/browser/wp-audio-gallery
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find WP AUDIO GALLERY.
4. Click 'Update Now' if an update is available.
5. If no update appears, manually download version 2.0.1 or later from WordPress.org and replace the plugin files.
🔧 Temporary Workarounds
Disable the vulnerable AJAX endpoint
Remove or restrict access to the vulnerable wpag_uploadaudio_callback() function. Add the following to the theme's functions.php or to a custom plugin (plugins load before the active theme, so these calls run after the plugin has registered its hooks; the plugin's audio upload feature stops working while they are in place):
remove_action('wp_ajax_wpag_uploadaudio', 'wpag_uploadaudio_callback');
remove_action('wp_ajax_nopriv_wpag_uploadaudio', 'wpag_uploadaudio_callback');
Deactivate the plugin
Temporarily disable the plugin until it is patched:
wp plugin deactivate wp-audio-gallery
🧯 If You Can't Patch
- Restrict user registration and review existing user accounts for suspicious activity
- Implement strict file permissions (e.g., 644 for files, 755 for directories) and disable PHP execution in upload directories
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin > Plugins > Installed Plugins for WP AUDIO GALLERY version 2.0 or earlier
Check Version:
wp plugin get wp-audio-gallery --field=version
Verify Fix Applied:
Verify plugin version is 2.0.1 or later in WordPress admin panel
📡 Detection & Monitoring
Log Indicators:
- Multiple failed file deletion attempts in WordPress debug logs
- AJAX requests to /wp-admin/admin-ajax.php with action=wpag_uploadaudio containing unusual file paths
- Unexpected file deletion events in system logs
Network Indicators:
- POST requests to /wp-admin/admin-ajax.php with audio_upload parameter containing path traversal sequences (../)
SIEM Query:
source="wordpress.log" AND "wpag_uploadaudio" AND ("../" OR "/etc/" OR "wp-config")
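The following is an added example, not code from this advisory, the plugin or Wordfence. It turns the log and network indicators above into a small checker that runs over constructed request records (the field names method, uri and params are assumptions about a WAF or application audit log, since a plain access log does not record POST bodies) and also shows the containment check that the plugin's missing path validation should have performed. The uploads directory path is an assumed value.

```python
"""Added example (not part of the advisory): flag admin-ajax requests that match
the CVE-2025-13322 detection indicators and demonstrate safe path containment.
Sample records are constructed; the record layout is an assumption."""
import os
import re
from typing import Optional
from urllib.parse import parse_qs, urlsplit

UPLOADS_BASE = "/var/www/html/wp-content/uploads"  # assumed uploads directory

# Matches a ".." path segment with either slash style, at start, middle or end.
TRAVERSAL = re.compile(r"(^|[\\/])\.\.([\\/]|$)")
# Substrings from the advisory's SIEM query plus one more common target.
SENSITIVE = ("wp-config", "/etc/", ".htaccess")

# Constructed sample records (what a WAF or application audit log might hold).
SAMPLE_REQUESTS = [
    {"method": "POST", "uri": "/wp-admin/admin-ajax.php",
     "params": {"action": "wpag_uploadaudio", "audio_upload": "2025/11/track.mp3"}},
    {"method": "POST", "uri": "/wp-admin/admin-ajax.php",
     "params": {"action": "wpag_uploadaudio", "audio_upload": "../../../wp-config.php"}},
    {"method": "POST", "uri": "/wp-admin/admin-ajax.php",
     "params": {"action": "wpag_uploadaudio", "audio_upload": "/etc/passwd"}},
    {"method": "POST", "uri": "/wp-admin/admin-ajax.php",
     "params": {"action": "wpag_uploadaudio", "audio_upload": "/tmp/other.mp3"}},
    {"method": "POST", "uri": "/wp-admin/admin-ajax.php",
     "params": {"action": "heartbeat", "data": "x"}},
    # Same indicator delivered URL-encoded in the query string instead of the body.
    {"method": "GET",
     "uri": "/wp-admin/admin-ajax.php?action=wpag_uploadaudio&audio_upload=..%2F..%2Fwp-config.php",
     "params": {}},
]


def is_contained(base: str, user_path: str) -> bool:
    """The validation the plugin lacked: resolve the user-supplied path against
    the uploads base and accept it only if the result stays inside that base.
    os.path.join discards the base when user_path is absolute, and realpath
    collapses '..' segments, so both escape routes end up rejected here."""
    base_real = os.path.realpath(base)
    target = os.path.realpath(os.path.join(base_real, user_path))
    return os.path.commonpath([base_real, target]) == base_real


def request_params(rec: dict) -> dict:
    """Merge query-string and body parameters; parse_qs percent-decodes values,
    so '..%2F' is seen as '../' like the application would see it."""
    merged = {k: v[0] for k, v in parse_qs(urlsplit(rec["uri"]).query).items()}
    merged.update(rec.get("params", {}))
    return merged


def classify(rec: dict) -> Optional[str]:
    """Return a reason string when the request matches the indicators, else None."""
    if urlsplit(rec["uri"]).path != "/wp-admin/admin-ajax.php":
        return None
    params = request_params(rec)
    if params.get("action") != "wpag_uploadaudio":
        return None
    path = params.get("audio_upload", "")
    if TRAVERSAL.search(path):
        return "traversal sequence in audio_upload"
    if any(s in path for s in SENSITIVE):
        return "sensitive path in audio_upload"
    if not is_contained(UPLOADS_BASE, path):
        return "audio_upload escapes uploads directory"
    return None


def scan(records) -> list:
    """Return (index, reason) pairs for every record that matches."""
    return [(i, reason) for i, rec in enumerate(records) if (reason := classify(rec))]


if __name__ == "__main__":
    for idx, why in scan(SAMPLE_REQUESTS):
        print(f"record {idx}: {why}")
```

The regex and substring checks are the cheap, log-friendly indicators; the containment check is the authoritative one and is what the patched code path should enforce before any unlink() call. Tune SENSITIVE and UPLOADS_BASE to the site being monitored.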
🔗 References
- https://plugins.trac.wordpress.org/browser/wp-audio-gallery/tags/2.0/wp-audio-gallery.php#L150
- https://plugins.trac.wordpress.org/browser/wp-audio-gallery/tags/2.0/wp-audio-gallery.php#L513
- https://plugins.trac.wordpress.org/browser/wp-audio-gallery/tags/2.0/wp-audio-gallery.php#L607
- https://www.wordfence.com/threat-intel/vulnerabilities/id/101675ae-88cf-42fc-b9ea-5dd37cdf7464?source=cve