CVE-2025-14464
📋 TL;DR
The PDF Resume Parser WordPress plugin exposes SMTP credentials to unauthenticated users through an insecure AJAX endpoint. This allows attackers to steal email account credentials, potentially leading to email compromise and credential reuse attacks. All WordPress sites using this plugin version 1.0 or earlier are affected.
💻 Affected Systems
- PDF Resume Parser WordPress Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers gain full control of SMTP email accounts, use credentials to access other systems via credential stuffing, send phishing emails from legitimate domains, and potentially pivot to internal networks.
Likely Case
Attackers steal SMTP credentials, compromise email accounts, monitor sensitive communications, and use credentials for credential stuffing attacks against other services.
If Mitigated
Limited impact if SMTP credentials are unique to this service, email accounts have additional security controls, and network segmentation prevents lateral movement.
🎯 Exploit Status
Simple HTTP request to AJAX endpoint exposes credentials. No authentication required.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.1 or later
Vendor Advisory: https://plugins.trac.wordpress.org/browser/pdf-resume-parser/
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find the PDF Resume Parser plugin.
4. Click 'Update Now' if an update is available.
5. If no update is available, deactivate and delete the plugin immediately.
🔧 Temporary Workarounds
Disable Plugin
Deactivate and remove the vulnerable plugin from the WordPress installation
wp plugin deactivate pdf-resume-parser
wp plugin delete pdf-resume-parser
Block AJAX Endpoint
Use a web application firewall or .htaccess to block access to the vulnerable endpoint
# Add to .htaccess. mod_rewrite only sees the request path and query string, never a POST body, so pair this rule with a WAF rule for POST requests to admin-ajax.php:
RewriteEngine On
RewriteCond %{QUERY_STRING} (^|&)action=pdf_resume_parser_smtp_test(&|$) [NC]
RewriteRule ^wp-admin/admin-ajax\.php$ - [F,L]
🧯 If You Can't Patch
- Immediately deactivate and remove the PDF Resume Parser plugin from all WordPress installations
- Change all SMTP credentials exposed by this vulnerability and monitor for unauthorized access
🔍 How to Verify
Check if Vulnerable:
Check whether the plugin is installed and its version is 1.0 or earlier, either in the WordPress admin panel or by reading the version header of wp-content/plugins/pdf-resume-parser/pdf-resume-parser.php
Check Version:
wp plugin get pdf-resume-parser --field=version
Verify Fix Applied:
Confirm plugin version is 1.1 or later, or verify plugin is completely removed from wp-content/plugins directory
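The version check above can be scripted across many installs by reading the plugin header the way WordPress does. The following is an added example, not code from the plugin or from this advisory's vendor; it assumes the plugin's main file path and the 1.1 fix version stated on this page, and the sample headers embedded in it are constructed for a self-test rather than copied from real plugin files.

```python
import re
from pathlib import Path

# The page states that 1.1 or later is patched; anything below is affected.
FIXED_VERSION = (1, 1)
# Plugin main file path relative to the WordPress root, as named on the page.
PLUGIN_MAIN_FILE = Path("wp-content/plugins/pdf-resume-parser/pdf-resume-parser.php")

# Constructed sample plugin headers (not real plugin files) used for a self-test.
SAMPLE_HEADER_VULNERABLE = """<?php
/**
 * Plugin Name: PDF Resume Parser
 * Description: Constructed sample header
 * Version: 1.0
 */
"""
SAMPLE_HEADER_FIXED = SAMPLE_HEADER_VULNERABLE.replace("Version: 1.0", "Version: 1.1")


def parse_plugin_version(header_text: str):
    """Return the 'Version:' field of a WordPress plugin header as a tuple of ints.

    WordPress reads plugin headers from the first 8 KiB of the main file, so
    callers should pass at most that much. Returns None when no version is found.
    """
    match = re.search(
        r"^[\s*#/]*Version:\s*([0-9]+(?:\.[0-9]+)*)",
        header_text,
        re.MULTILINE | re.IGNORECASE,
    )
    if not match:
        return None
    return tuple(int(part) for part in match.group(1).split("."))


def is_vulnerable(version) -> bool:
    """True when the installed version predates the fix (or cannot be determined)."""
    if version is None:
        return True  # unknown version: treat as affected until proven otherwise
    return version < FIXED_VERSION


def check_wordpress_root(wp_root) -> str:
    """Classify one WordPress install as 'not installed', 'vulnerable' or 'patched'."""
    main_file = Path(wp_root) / PLUGIN_MAIN_FILE
    if not main_file.is_file():
        return "not installed"
    header = main_file.read_text(encoding="utf-8", errors="replace")[:8192]
    return "vulnerable" if is_vulnerable(parse_plugin_version(header)) else "patched"


if __name__ == "__main__":
    import sys
    # Usage: python check_pdf_resume_parser.py /var/www/site1 /var/www/site2 ...
    for root in sys.argv[1:] or ["."]:
        print(f"{root}: {check_wordpress_root(root)}")
```

Tuple comparison makes 1.1.2 count as patched while 1.0 and a missing header count as affected; an unreadable version is deliberately treated as vulnerable so a mangled file never hides an exposed install.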
📡 Detection & Monitoring
Log Indicators:
- Unusual POST requests to /wp-admin/admin-ajax.php with action=pdf_resume_parser_smtp_test
- Multiple failed SMTP authentication attempts from new IP addresses
- Unusual outbound email traffic patterns
Network Indicators:
- HTTP requests to WordPress AJAX endpoints from unexpected sources
- SMTP connections using exposed credentials from unauthorized IPs
SIEM Query:
source="web_logs" AND uri="/wp-admin/admin-ajax.php" AND params.action="pdf_resume_parser_smtp_test"
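The SIEM query above can be reproduced offline against raw web-server access logs. The following is an added example, not tooling from this advisory's source or from the plugin project; it assumes Apache/Nginx combined log format and the AJAX action name this page lists as the indicator, and the log lines embedded in it are constructed samples using documentation IP ranges.

```python
import re
from collections import Counter
from urllib.parse import urlsplit, parse_qs

# The AJAX action this page lists as the log indicator for the CVE.
SUSPECT_ACTION = "pdf_resume_parser_smtp_test"
AJAX_PATH = "/wp-admin/admin-ajax.php"

# Apache/Nginx "combined" access-log line: client, timestamp, request line, status.
LOG_LINE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) '
)

# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
203.0.113.5 - - [12/Jan/2025:10:15:02 +0000] "GET /wp-admin/admin-ajax.php?action=pdf_resume_parser_smtp_test HTTP/1.1" 200 412 "-" "curl/8.4.0"
198.51.100.7 - - [12/Jan/2025:10:15:05 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 88 "https://shop.example/wp-admin/" "Mozilla/5.0"
192.0.2.9 - - [12/Jan/2025:10:16:40 +0000] "GET /wp-admin/admin-ajax.php?action=heartbeat HTTP/1.1" 200 52 "-" "Mozilla/5.0"
203.0.113.5 - - [12/Jan/2025:10:17:11 +0000] "GET /wp-admin/admin-ajax.php?action=pdf_resume_parser_smtp_test&_=1 HTTP/1.1" 200 410 "-" "python-requests/2.31"
"""


def parse_line(line: str):
    """Parse one combined-format line into a dict, or None if it does not match."""
    m = LOG_LINE.match(line)
    if not m:
        return None
    rec = m.groupdict()
    parts = urlsplit(rec["target"])
    rec["path"] = parts.path
    rec["query"] = parse_qs(parts.query)
    return rec


def find_smtp_test_requests(log_text: str):
    """Return records for requests whose query string names the suspect AJAX action.

    Only query-string parameters are visible in an access log. The action of a
    POST request travels in the body, which a standard access log does not record,
    so POSTs to admin-ajax.php need a WAF or mod_security audit log to be attributed.
    """
    hits = []
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None or not rec["path"].endswith(AJAX_PATH):
            continue
        if SUSPECT_ACTION in rec["query"].get("action", []):
            hits.append(rec)
    return hits


def sources_by_hit_count(log_text: str) -> Counter:
    """Count hits per client IP so repeat probers stand out for blocking and triage."""
    return Counter(rec["ip"] for rec in find_smtp_test_requests(log_text))


if __name__ == "__main__":
    # Usage: python find_smtp_test.py < /var/log/apache2/access.log
    import sys
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_LOG
    for rec in find_smtp_test_requests(text):
        print(f'{rec["ts"]} {rec["ip"]} {rec["method"]} action={SUSPECT_ACTION}')
    print(sources_by_hit_count(text))
```

On the sample, only the two GET requests carrying the action in the query string are flagged; the POST on the second line is invisible to this check, which is exactly why the page's network indicator (admin-ajax.php requests from unexpected sources) and a body-inspecting WAF rule are needed alongside log review.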