CVE-2025-13603
📋 TL;DR
The WP AUDIO GALLERY WordPress plugin up to version 2.0 allows authenticated attackers with subscriber-level access or higher to overwrite the site's .htaccess file with arbitrary content. This can lead to arbitrary file read on the server under certain configurations. All WordPress sites using vulnerable plugin versions are affected.
💻 Affected Systems
- WP AUDIO GALLERY WordPress Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers gain full server file system read access, potentially exposing sensitive files like configuration files, database credentials, and user data, leading to complete site compromise.
Likely Case
Attackers read sensitive WordPress files (wp-config.php), access user data, or modify .htaccess to redirect traffic or enable further attacks.
If Mitigated
With proper access controls and monitoring, impact is limited to unauthorized file reads within web-accessible directories.
🎯 Exploit Status
Exploitation requires authenticated access but uses simple HTTP requests. The vulnerability is well-documented in public references.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.0.1 or later
Vendor Advisory: https://plugins.trac.wordpress.org/browser/wp-audio-gallery
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins > Installed Plugins. 3. Find WP AUDIO GALLERY. 4. Click 'Update Now' if update available. 5. Alternatively, download latest version from WordPress plugin repository and replace files manually.
🔧 Temporary Workarounds
Disable Plugin
allTemporarily deactivate the vulnerable plugin until patched.
wp plugin deactivate wp-audio-gallery
Restrict User Registration
allDisable new user registration to prevent attackers from obtaining subscriber accounts.
Set 'Anyone can register' to false in WordPress Settings > General
🧯 If You Can't Patch
- Remove plugin files completely from wp-content/plugins/wp-audio-gallery directory.
- Implement web application firewall (WAF) rules to block requests to wpag_htaccess_callback endpoint.
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > Installed Plugins for WP AUDIO GALLERY version 2.0 or earlier.Check Version:
wp plugin get wp-audio-gallery --field=versionVerify Fix Applied:
Verify plugin version is 2.0.1 or later in WordPress admin panel or check file wp-audio-gallery.php for updated version number.📡 Detection & Monitoring
Log Indicators:
- HTTP POST requests to /wp-admin/admin-ajax.php with action=wpag_htaccess_callback
- Unauthorized modifications to .htaccess file timestamps or content
Network Indicators:
- Unusual POST requests from subscriber-level users to admin-ajax.php endpoint
SIEM Query:
source="*access.log*" AND "POST /wp-admin/admin-ajax.php" AND "action=wpag_htaccess_callback"🔗 References
- https://plugins.trac.wordpress.org/browser/wp-audio-gallery/tags/2.0/lib/util-functions.php#L133
- https://plugins.trac.wordpress.org/browser/wp-audio-gallery/tags/2.0/wp-audio-gallery.php#L162
- https://plugins.trac.wordpress.org/browser/wp-audio-gallery/tags/2.0/wp-audio-gallery.php#L647
- https://www.wordfence.com/threat-intel/vulnerabilities/id/852959d1-f8e0-4c1f-8a5c-5923bedc4889?source=cve
