CVE-2025-14344
📋 TL;DR
This vulnerability allows unauthenticated attackers to delete arbitrary files on WordPress servers running the vulnerable Multi Uploader for Gravity Forms plugin. It affects all WordPress sites using this plugin up to version 1.1.7, potentially leading to service disruption or data loss.
💻 Affected Systems
- Multi Uploader for Gravity Forms WordPress plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers delete critical system files (e.g., wp-config.php, .htaccess) or database files, causing complete site compromise, data loss, or server downtime.
Likely Case
Attackers delete WordPress core files or plugin files, disrupting website functionality or defacing the site.
If Mitigated
If file permissions are restrictive or the plugin is disabled, impact is limited to accessible files within the web root.
🎯 Exploit Status
Exploitation is straightforward via crafted HTTP requests to the vulnerable function.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.1.8 or later
Vendor Advisory: https://plugins.trac.wordpress.org/browser/gf-multi-uploader/tags/1.1.8/
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Go to Plugins > Installed Plugins.
3. Find 'Multi Uploader for Gravity Forms' and update to version 1.1.8 or later.
4. Alternatively, download the latest version from the WordPress plugin repository and replace the plugin files manually.
🔧 Temporary Workarounds
Disable the plugin
Temporarily deactivate the vulnerable plugin to prevent exploitation.
wp plugin deactivate gf-multi-uploader
Restrict file deletion permissions
Set strict file permissions on critical directories to limit damage.
chmod 644 wp-config.php
chmod 755 wp-content/uploads/
🧯 If You Can't Patch
- Disable the plugin immediately via WordPress admin or command line.
- Implement web application firewall (WAF) rules to block requests to the vulnerable 'plupload_ajax_delete_file' endpoint.
🔍 How to Verify
Check if Vulnerable:
Check the plugin version in the WordPress admin under Plugins > Installed Plugins; if the version is 1.1.7 or lower, the site is vulnerable.
Check Version:
wp plugin get gf-multi-uploader --field=version
Verify Fix Applied:
After updating, confirm the plugin version is 1.1.8 or higher in the WordPress admin panel.
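The version check above is easy to get wrong when scripted, because a plain string comparison ranks 1.1.10 below 1.1.8. The following is an added example, not part of this advisory or of the plugin's own code: it wraps the WP-CLI command given above and compares the result against the fixed release 1.1.8 as numeric components rather than as text. The `--path` flag is WP-CLI's standard global option; the `installed_version` wrapper and the pre-release handling are this example's own assumptions.

```python
import re
import shutil
import subprocess

# Fixed release named in the advisory; anything below it is treated as vulnerable.
FIXED_VERSION = "1.1.8"
PLUGIN_SLUG = "gf-multi-uploader"

# Accepts '1.1.7', 'v1.1.10' or '1.1.8-beta1' (pre-release tag is the second group).
_VERSION_RE = re.compile(r"^v?(\d+(?:\.\d+)*)(?:[-+.]?([0-9A-Za-z.]+))?$")


def parse_version(text):
    """Turn a version string into a comparable key.

    The key is (numeric parts, 1 if final release else 0, pre-release tag), so
    1.1.10 > 1.1.8 (string comparison gets this wrong) and a pre-release of
    1.1.8 sorts below the final 1.1.8 (an assumption of this example).
    """
    m = _VERSION_RE.match(text.strip())
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    numbers = tuple(int(part) for part in m.group(1).split("."))
    pre = m.group(2) or ""
    return (numbers, 0 if pre else 1, pre)


def is_vulnerable(installed, fixed=FIXED_VERSION):
    """True when the installed version is older than the fixed release."""
    return parse_version(installed) < parse_version(fixed)


def installed_version(site_path="."):
    """Ask WP-CLI for the plugin version (the same command the advisory uses).

    Returns None when WP-CLI is not on PATH or the plugin is not installed.
    """
    wp = shutil.which("wp")
    if wp is None:
        return None
    result = subprocess.run(
        [wp, "plugin", "get", PLUGIN_SLUG, "--field=version", f"--path={site_path}"],
        capture_output=True,
        text=True,
    )
    if result.returncode != 0:
        return None
    return result.stdout.strip()


if __name__ == "__main__":
    version = installed_version()
    if version is None:
        print("plugin not found or WP-CLI unavailable")
    elif is_vulnerable(version):
        print(f"{PLUGIN_SLUG} {version} is below {FIXED_VERSION}: update required")
    else:
        print(f"{PLUGIN_SLUG} {version} is at or above {FIXED_VERSION}")
```

Run it from the WordPress root (or pass the site path to `installed_version`); a non-zero exit from WP-CLI, for example when the plugin is absent, is reported rather than treated as safe.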
📡 Detection & Monitoring
Log Indicators:
- HTTP POST requests to '/wp-admin/admin-ajax.php' with action 'plupload_ajax_delete_file' and unusual file paths in parameters.
Network Indicators:
- Unusual outbound traffic patterns indicating file deletion attempts or site errors.
SIEM Query:
source="web_logs" AND uri="/wp-admin/admin-ajax.php" AND post_data LIKE "%plupload_ajax_delete_file%"
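The log indicator and SIEM query above match on the action name only; a triage step still has to look at the file parameter to separate routine uploader traffic from deletion attempts aimed outside the uploads directory. The script below is an added example, not part of this advisory or of the plugin's code. It reads newline-delimited JSON records whose field names mirror the SIEM query (`uri`, `post_data`), keeps only POSTs to admin-ajax.php carrying the `plupload_ajax_delete_file` action, and rates every other parameter value for path traversal, absolute paths, or the critical file names the Risk section lists. Because the advisory does not name the plugin's file parameter, the script inspects all parameters rather than assuming one. The sample records, including the documentation-range source addresses, are constructed for the example. The same `analyse_record` predicate is the decision a WAF rule for the "If You Can't Patch" section would need, with the medium-severity hits being the ones that legitimate form users also generate.

```python
import json
from urllib.parse import parse_qs, unquote

# Indicator from the advisory: the AJAX action handled by the vulnerable plugin.
SUSPECT_ACTION = "plupload_ajax_delete_file"
AJAX_URI = "/wp-admin/admin-ajax.php"
# Files the advisory names as worst-case targets.
CRITICAL_FILES = {"wp-config.php", ".htaccess"}

# Constructed sample records (not real traffic); field names mirror the SIEM query.
SAMPLE_LOG = """\
{"src": "203.0.113.10", "method": "POST", "uri": "/wp-admin/admin-ajax.php", "post_data": "action=plupload_ajax_delete_file&file=photo.jpg"}
{"src": "203.0.113.10", "method": "POST", "uri": "/wp-admin/admin-ajax.php", "post_data": "action=plupload_ajax_delete_file&file=..%2F..%2F..%2Fwp-config.php"}
{"src": "198.51.100.7", "method": "POST", "uri": "/wp-admin/admin-ajax.php", "post_data": "action=heartbeat&_nonce=abc"}
{"src": "198.51.100.7", "method": "GET", "uri": "/wp-login.php", "post_data": ""}
{"src": "192.0.2.44", "method": "POST", "uri": "/wp-admin/admin-ajax.php", "post_data": "action=plupload_ajax_delete_file&file=/var/www/html/.htaccess"}
"""


def path_risk(value):
    """Classify one parameter value as 'critical', 'traversal', 'absolute' or None."""
    # Decode twice so %252e%252e (double-encoded '..') is seen; normalise backslashes.
    decoded = unquote(unquote(value)).replace("\\", "/")
    name = decoded.rsplit("/", 1)[-1]
    if name in CRITICAL_FILES:
        return "critical"
    if ".." in decoded.split("/"):
        return "traversal"
    if decoded.startswith("/"):
        return "absolute"
    return None


def analyse_record(rec):
    """Return a finding for a record that hits the indicator, else None."""
    if rec.get("method") != "POST" or rec.get("uri") != AJAX_URI:
        return None
    params = parse_qs(rec.get("post_data", ""), keep_blank_values=True)
    if SUSPECT_ACTION not in params.get("action", []):
        return None
    # The plugin's file parameter name is not in the advisory, so check every value.
    risks = {}
    for key, values in params.items():
        if key == "action":
            continue
        for value in values:
            risk = path_risk(value)
            if risk:
                risks[key] = risk
    # Any call to the action is worth a look; a risky path makes it high severity.
    severity = "high" if risks else "medium"
    return {"src": rec.get("src"), "severity": severity, "risks": risks}


def scan(lines):
    """Run analyse_record over newline-delimited JSON and collect the findings."""
    findings = []
    for line in lines.splitlines():
        if not line.strip():
            continue
        finding = analyse_record(json.loads(line))
        if finding:
            findings.append(finding)
    return findings


if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f['severity']:6} {f['src']:15} {f['risks'] or 'plain filename'}")
```

On the constructed sample the script reports three hits: the `photo.jpg` deletion as medium (a normal uploader call), and the two requests naming `wp-config.php` and `.htaccess` as high. Feed it a real export by replacing `SAMPLE_LOG` with the file contents; records that lack the `post_data` field are skipped because the action cannot be seen without the request body.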