CVE-2025-13536
📋 TL;DR
The Blubrry PowerPress WordPress plugin allows authenticated attackers with Contributor-level access or higher to upload arbitrary files due to insufficient file type validation. This vulnerability affects all versions up to 11.15.2 and can lead to remote code execution on vulnerable WordPress sites.
💻 Affected Systems
- Blubrry PowerPress WordPress Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Full server compromise via remote code execution, allowing attackers to install backdoors, steal data, or pivot to other systems.
Likely Case
Webshell deployment leading to data theft, defacement, or use as part of a botnet.
If Mitigated
Limited impact if file uploads are restricted at web server level or if attacker lacks valid credentials.
🎯 Exploit Status
Exploitation requires authenticated access but is straightforward once credentials are obtained.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 11.15.3 or later
Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3402635/
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins > Installed Plugins. 3. Find PowerPress plugin. 4. Click 'Update Now' if available. 5. Alternatively, download version 11.15.3+ from WordPress repository and manually update.
🔧 Temporary Workarounds
Disable File Uploads via .htaccess
linuxRestrict file uploads in WordPress uploads directory
Add to .htaccess in wp-content/uploads: <FilesMatch "\.(php|php5|php7|phtml|phar)$">
Order Allow,Deny
Deny from all
</FilesMatch>
Restrict Contributor Role Access
allTemporarily remove file upload capabilities from Contributor role
Use WordPress role management plugin or custom code to remove 'upload_files' capability from Contributor role
🧯 If You Can't Patch
- Disable or uninstall PowerPress plugin immediately
- Implement web application firewall rules to block suspicious file uploads
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > Installed Plugins for PowerPress version 11.15.2 or lowerCheck Version:
wp plugin list --name=powerpress --field=version (if WP-CLI installed)Verify Fix Applied:
Confirm PowerPress version is 11.15.3 or higher in WordPress admin📡 Detection & Monitoring
Log Indicators:
- Unusual file uploads to wp-content/uploads via POST to admin-ajax.php or admin-post.php
- PHP files with suspicious names in uploads directory
Network Indicators:
- POST requests to /wp-admin/admin-ajax.php with file upload parameters
- Unusual outbound connections from web server
SIEM Query:
source="web_server" AND (uri_path="/wp-admin/admin-ajax.php" OR uri_path="/wp-admin/admin-post.php") AND method="POST" AND (form_data CONTAINS "powerpress" OR form_data CONTAINS "upload")🔗 References
- https://plugins.trac.wordpress.org/browser/powerpress/tags/11.14.1/powerpressadmin.php#L2368
- https://plugins.trac.wordpress.org/browser/powerpress/tags/11.14.1/powerpressadmin.php#L3012
- https://plugins.trac.wordpress.org/browser/powerpress/tags/11.14.1/powerpressadmin.php#L3068
- https://plugins.trac.wordpress.org/changeset/3402635/
- https://www.wordfence.com/threat-intel/vulnerabilities/id/d420ee49-e7b3-43d8-a263-8a93abd1133c?source=cve
