CVE-2025-14447
📋 TL;DR
The AnnunciFunebri Impresa WordPress plugin has an authorization vulnerability that allows authenticated users with Subscriber-level access or higher to reset all plugin options to defaults. This affects all WordPress sites using plugin versions up to 4.7.0. Attackers can disrupt plugin functionality by deleting configuration settings.
💻 Affected Systems
- AnnunciFunebri Impresa WordPress Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Malicious authenticated users reset critical plugin configurations, causing service disruption, loss of custom settings, and potential business impact for funeral announcement services.
Likely Case
Low-privilege users accidentally or intentionally reset plugin settings, requiring administrator intervention to reconfigure the plugin.
If Mitigated
Only administrators can modify plugin settings, maintaining normal operations with proper access controls.
🎯 Exploit Status
Exploitation requires authenticated access but is trivial once authenticated. The vulnerable function is publicly documented in plugin code.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 4.7.1 or later
Vendor Advisory: https://plugins.trac.wordpress.org/browser/annuncifunebri-onoranza
Restart Required: No
Instructions:
1. Log into WordPress admin panel
2. Navigate to Plugins → Installed Plugins
3. Find 'AnnunciFunebri Impresa' plugin
4. Click 'Update Now' if update available
5. If no update available, deactivate and remove plugin until patched version is released
🔧 Temporary Workarounds
Remove Subscriber Access
allTemporarily remove Subscriber role from all users or restrict plugin access to Administrator role only
Disable Plugin
allDeactivate the AnnunciFunebri Impresa plugin until patched version is available
🧯 If You Can't Patch
- Implement WordPress role-based access controls to restrict plugin management to Administrator role only
- Monitor WordPress audit logs for unauthorized plugin configuration changes
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel → Plugins → AnnunciFunebri Impresa → Version number. If version is 4.7.0 or earlier, you are vulnerable.Check Version:
wp plugin list --name=annuncifunebri-onoranza --field=versionVerify Fix Applied:
After updating, verify plugin version is 4.7.1 or later in WordPress admin panel.📡 Detection & Monitoring
Log Indicators:
- WordPress audit logs showing non-admin users modifying plugin settings
- Plugin option reset events in WordPress debug logs
Network Indicators:
- POST requests to WordPress admin-ajax.php or admin-post.php with annfu_reset_options action
SIEM Query:
source="wordpress" AND (action="plugin_modified" OR message="*annfu_reset_options*")🔗 References
- https://plugins.trac.wordpress.org/browser/annuncifunebri-onoranza/tags/4.7.0/functions.inc.php#L845
- https://plugins.trac.wordpress.org/browser/annuncifunebri-onoranza/trunk/functions.inc.php#L845
- https://www.wordfence.com/threat-intel/vulnerabilities/id/2b9ea2a2-34af-408c-91ee-6d5fd9431529?source=cve
