CVE-2025-15020
📋 TL;DR
The Gotham Block Extra Light WordPress plugin contains an arbitrary file read vulnerability in all versions up to and including 1.5.0. Authenticated attackers with contributor-level access or higher can exploit it to read sensitive files on the server. This affects every WordPress site running a vulnerable version of the plugin.
💻 Affected Systems
- Gotham Block Extra Light WordPress Plugin
⚠️ Manual Verification Required
Automated detection is not available for this CVE because the database entry carries no machine-readable version range (none was supplied by the vendor or NVD).
Check the installed plugin version by hand against the range given on this page (1.5.0 and earlier) instead of relying on scanner output.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers gain access to sensitive configuration files (wp-config.php), database credentials, private keys, and other critical system files, potentially leading to complete site compromise.
Likely Case
Attackers read WordPress configuration files to obtain database credentials, then escalate access to take over the website or steal sensitive data.
If Mitigated
Where contributor accounts are restricted to trusted users and stored post content is monitored, an attempt requires an already-trusted account and can be detected quickly, before the read data is used for further access.
🎯 Exploit Status
Exploitation requires an authenticated account with at least the contributor role; no public exploit is referenced on this page. The flaw is in the 'ghostban' shortcode handler (premium/ghostban.php), which takes a file path from the shortcode's parameters. Because contributors can place shortcodes in posts they author and render them through post preview, publishing rights are not needed.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Not named on this page (only "a version after 1.5.0"); update to the latest release and confirm in the plugin changelog that it addresses this issue.
Reference (plugin source on plugins.trac.wordpress.org, premium/ghostban.php line 56; this is a code link, not a vendor advisory): https://plugins.trac.wordpress.org/browser/gotham-block-extra-light/trunk/premium/ghostban.php?marks=56#L56
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins.
3. Find 'Gotham Block Extra Light'.
4. Click 'Update Now' if available.
5. If no update is available, deactivate and delete the plugin.
🔧 Temporary Workarounds
Remove Contributor Access
Temporarily remove contributor-level access from untrusted users until patching is complete.
Disable Plugin
Deactivate the Gotham Block Extra Light plugin to prevent exploitation (WP-CLI, run from the site root):
wp plugin deactivate gotham-block-extra-light
🧯 If You Can't Patch
- Implement strict user access controls and limit contributor accounts to trusted users only
- Add web application firewall rules that inspect the bodies of post create/update requests (wp-admin/post.php, wp-admin/admin-ajax.php, /wp-json/wp/v2/posts) for the '[ghostban' shortcode with path-like attribute values; the file read itself happens server-side when the post is rendered and produces no distinctive request, so a WAF can only stop the shortcode from being stored
- Audit existing post content for the shortcode as well, since a WAF rule does not remove what is already in the database
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > Gotham Block Extra Light. If version is 1.5.0 or lower, you are vulnerable.
Check Version:
wp plugin get gotham-block-extra-light --field=version
Verify Fix Applied:
After updating, verify the plugin version is higher than 1.5.0 in WordPress admin panel.
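The version check above is easy to get wrong in automation: comparing "1.10.0" to "1.5.0" as strings puts 1.10.0 first. The following is an added example, not code from the plugin or from this page's source, that wraps the WP-CLI command given above and compares the result numerically. The plugin slug and the 1.5.0 threshold come from this page; the `--path` handling is an assumption about how the script would be pointed at a site root.

```python
import re
import subprocess

PLUGIN_SLUG = "gotham-block-extra-light"
LAST_VULNERABLE = "1.5.0"  # highest version this page lists as affected


def parse_version(text):
    """Convert '1.5.0', '1.10', or '1.5.0-beta1' into a tuple that sorts numerically.

    Plain string comparison gets this wrong ('1.10.0' < '1.5.0' as strings), so
    each dotted component is compared as an integer, missing components count
    as 0, and a pre-release tag sorts before the release with the same numbers.
    """
    core, _, pre = text.strip().partition("-")
    nums = [int(n) for n in re.findall(r"\d+", core)]
    nums += [0] * (3 - len(nums))
    return (tuple(nums), 0 if pre else 1, pre)


def is_vulnerable(version):
    """True for every version up to and including 1.5.0, the range given on this page."""
    return parse_version(version) <= parse_version(LAST_VULNERABLE)


def installed_version(path=None):
    """Ask WP-CLI for the installed plugin version (the same command as in How to Verify)."""
    cmd = ["wp", "plugin", "get", PLUGIN_SLUG, "--field=version"]
    if path:
        # Assumed usage of WP-CLI's global --path flag to point at the site root.
        cmd.append(f"--path={path}")
    return subprocess.run(cmd, check=True, capture_output=True, text=True).stdout.strip()


if __name__ == "__main__":
    current = installed_version()
    state = "VULNERABLE" if is_vulnerable(current) else "above 1.5.0 (confirm the fix in the changelog)"
    print(f"{PLUGIN_SLUG} {current}: {state}")
```

Because the page does not name the fixed release, a result above 1.5.0 only means the version is outside the range this page calls affected; confirm against the plugin changelog before closing the finding.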
📡 Detection & Monitoring
Log Indicators:
- Post create/update requests from contributor accounts whose body contains the '[ghostban' shortcode with path-like attribute values (directory traversal such as '../', absolute paths, or names like wp-config.php); standard access logs record only the URI, so this is visible only where request bodies are logged, for example in a WAF audit log
- Stored post content (wp_posts.post_content) containing the '[ghostban' shortcode with such values, especially in draft or pending posts by contributor accounts
Network Indicators:
- POST requests to wp-admin/post.php, wp-admin/admin-ajax.php or /wp-json/wp/v2/posts carrying the shortcode in the body; the file read itself happens server-side during rendering and produces no separate request to match on
SIEM Query (pseudo-syntax; request_body requires body logging to be enabled):
source="web_logs" AND (uri="*wp-admin/post.php*" OR uri="*admin-ajax.php*" OR uri="*wp-json/wp/v2/posts*") AND request_body="*[ghostban*" AND (request_body="*../*" OR request_body="*wp-config*" OR request_body="*/etc/*")
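Since the shortcode is stored in the database and executed on render, the most reliable hunt is over post content rather than web logs. The following is an added example, not code from the plugin or from this page: it scans rows shaped like the output of `wp post list --post_type=any --post_status=any --fields=ID,post_author,post_status,post_content --format=json`, extracts every ghostban shortcode, and flags attribute values that look like path escapes or well-known secret files. The sample rows are constructed, and the attribute names in them (file=, template=) are assumed, because this page does not name the parameter the handler reads; for that reason every attribute value is checked rather than one known name.

```python
import json
import re
import sys

# Constructed sample rows standing in for the JSON output of
#   wp post list --post_type=any --post_status=any \
#     --fields=ID,post_author,post_status,post_content --format=json
# Rows 102 and 104 show the kind of content an attacker would store. The
# attribute names (file=, template=) are assumptions for illustration.
SAMPLE_POSTS = [
    {"ID": 101, "post_author": 7, "post_status": "publish",
     "post_content": 'Intro text [ghostban id="3"] more text'},
    {"ID": 102, "post_author": 9, "post_status": "draft",
     "post_content": '[ghostban file="../../../../wp-config.php"]'},
    {"ID": 103, "post_author": 9, "post_status": "publish",
     "post_content": "Plain post with no shortcode"},
    {"ID": 104, "post_author": 12, "post_status": "pending",
     "post_content": "see [ghostban template='/etc/passwd']"},
]

# Match an opening [ghostban ...] tag and capture its raw attribute text.
SHORTCODE_RE = re.compile(r"\[ghostban\b([^\]]*)\]", re.IGNORECASE)
# Match name="value", name='value' or name=value pairs inside that text.
ATTR_RE = re.compile(r"""(\w+)\s*=\s*(?:"([^"]*)"|'([^']*)'|([^\s\]]+))""")

# Values that escape the intended location or point at well-known secrets.
SENSITIVE_NAMES = ("wp-config.php", ".env", "/etc/passwd", ".htaccess", "id_rsa")
WRAPPER_PREFIXES = ("php://", "file://", "phar://", "data:")


def suspicious_value(value):
    """True if an attribute value looks like a traversal, an absolute path,
    a PHP stream wrapper, or a reference to a known sensitive file."""
    v = value.strip().lower()
    if not v:
        return False
    return (
        ".." in v
        or v.startswith(("/", "\\"))
        or v.startswith(WRAPPER_PREFIXES)
        or any(name in v for name in SENSITIVE_NAMES)
    )


def parse_attrs(attr_text):
    """Turn the raw attribute text of one shortcode into a name -> value dict."""
    attrs = {}
    for m in ATTR_RE.finditer(attr_text):
        name = m.group(1).lower()
        # Exactly one of the three value groups matched; pick the non-None one.
        value = next(g for g in (m.group(2), m.group(3), m.group(4)) if g is not None)
        attrs[name] = value
    return attrs


def scan_post(post):
    """Return one finding per ghostban shortcode found in a post row."""
    findings = []
    for m in SHORTCODE_RE.finditer(post["post_content"]):
        attrs = parse_attrs(m.group(1))
        findings.append({
            "post_id": post["ID"],
            "author": post["post_author"],
            "status": post["post_status"],
            "shortcode": m.group(0),
            "suspicious_attrs": {k: v for k, v in attrs.items() if suspicious_value(v)},
        })
    return findings


def scan_posts(posts):
    """Scan every row; benign uses of the shortcode are reported too, for inventory."""
    return [f for post in posts for f in scan_post(post)]


def high_risk(findings):
    """Only the findings whose shortcode carries at least one suspicious value."""
    return [f for f in findings if f["suspicious_attrs"]]


if __name__ == "__main__":
    # Read real rows from stdin when piped in; otherwise run on the constructed sample.
    posts = json.load(sys.stdin) if not sys.stdin.isatty() else SAMPLE_POSTS
    for f in high_risk(scan_posts(posts)):
        print(f"post {f['post_id']} (author {f['author']}, {f['status']}): "
              f"{f['shortcode']} -> {f['suspicious_attrs']}")
```

Run it against a live site with `wp post list --post_type=any --post_status=any --fields=ID,post_author,post_status,post_content --format=json | python3 scan_ghostban.py`. Drafts and pending posts matter as much as published ones: a contributor can render them through preview, so a flagged draft is an attempt, not a harmless leftover, and the author ID in the finding is the account to review.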