CVE-2025-1973
📋 TL;DR
This vulnerability in the Export and Import Users and Customers WordPress plugin allows authenticated attackers with Administrator privileges to perform path traversal attacks. By exploiting the download_file() function, attackers can read arbitrary log files on the server, potentially exposing sensitive information. All WordPress sites using this plugin up to version 2.6.2 are affected.
💻 Affected Systems
- Export and Import Users and Customers WordPress plugin
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Administrator-level attackers could read sensitive server logs containing database credentials, API keys, user data, or other confidential information, leading to full system compromise.
Likely Case
Malicious administrators or compromised admin accounts reading log files to gather sensitive information for further attacks or data exfiltration.
If Mitigated
With proper access controls and monitoring, exploitation is limited to already-authorized administrators, who still should not be able to read arbitrary files on the server.
🎯 Exploit Status
Exploitation requires administrator credentials but is technically simple once authenticated.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.6.3
Vendor Advisory: https://wordpress.org/plugins/users-customers-import-export-for-wp-woocommerce/#developers
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find the 'Export and Import Users and Customers' plugin.
4. Click 'Update Now' if available, or download version 2.6.3+ from the WordPress repository.
5. Activate the updated plugin.
🔧 Temporary Workarounds
Disable vulnerable plugin
Temporarily deactivate the plugin until patched
wp plugin deactivate users-customers-import-export-for-wp-woocommerce
Restrict admin access
Limit administrator accounts to trusted personnel only
🧯 If You Can't Patch
- Implement strict access controls and monitor administrator account activity
- Restrict file system permissions and implement web application firewall rules
🔍 How to Verify
Check if Vulnerable:
Check plugin version in WordPress admin under Plugins → Installed Plugins. If version is 2.6.2 or lower, you are vulnerable.
Check Version:
wp plugin get users-customers-import-export-for-wp-woocommerce --field=version
Verify Fix Applied:
Verify plugin version is 2.6.3 or higher in WordPress admin panel.
📡 Detection & Monitoring
Log Indicators:
- Unusual file access patterns in web server logs, particularly requests to the plugin's history.php with manipulated file parameter values
Network Indicators:
- HTTP requests to /wp-content/plugins/users-customers-import-export-for-wp-woocommerce/admin/modules/history/history.php with suspicious file parameters
SIEM Query:
source="web_server" AND uri="*history.php*" AND (param="*../*" OR param="*..\\*" OR param="*absolute/path*")
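The log indicators and SIEM query above describe what to look for; the following added Python script (example code, not the plugin's or the advisory's own) implements that detection over combined-format web server access log lines. It scopes to the plugin's history.php path, percent-decodes the parameter value repeatedly so double-encoded traversal sequences are not missed, and flags `../`, `..\` and absolute paths. It assumes the query parameter is literally named `file` (the advisory only says "file parameter"); adjust `PARAM_NAME` if your plugin version uses a different name. The log lines are constructed for this example.

```python
"""Flag path-traversal attempts against the plugin's history.php endpoint.

Added example for this advisory; not code from the plugin. Parses
Apache/nginx combined-format access log lines and reports requests whose
``file`` parameter (assumed name) contains traversal sequences or an
absolute path after full percent-decoding.
"""
import re
from collections import Counter
from urllib.parse import parse_qs, unquote, urlsplit

# Path from the advisory; endswith() tolerates sites installed in a subdirectory.
PLUGIN_PATH = ("/wp-content/plugins/users-customers-import-export-for-wp-woocommerce"
               "/admin/modules/history/history.php")
PARAM_NAME = "file"  # assumption: the advisory only says "file parameter"

# Combined log format: ip ident user [ts] "METHOD target PROTO" status ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
TRAVERSAL_RE = re.compile(r'\.\.[/\\]')          # ../ or ..\ anywhere in the value
ABS_WIN_RE = re.compile(r'^[A-Za-z]:[\\/]')      # C:\ or C:/ style absolute path


def fully_decode(value, max_rounds=3):
    """Percent-decode until stable so %252e%252e%252f still resolves to ../."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify(value):
    """Return a reason string if the decoded value looks like path traversal, else None."""
    if TRAVERSAL_RE.search(value):
        return "traversal sequence"
    if value.startswith(("/", "\\")) or ABS_WIN_RE.match(value):
        return "absolute path"
    return None


def analyze_line(line):
    """Return a finding dict for a suspicious history.php request, or None."""
    m = LOG_RE.match(line)
    if not m:
        return None  # not a combined-format line; skip rather than guess
    parts = urlsplit(m.group("target"))
    if not parts.path.endswith(PLUGIN_PATH):
        return None  # only the vulnerable endpoint is in scope
    params = parse_qs(parts.query, keep_blank_values=True)  # decodes once
    for raw in params.get(PARAM_NAME, []):
        value = fully_decode(raw)
        reason = classify(value)
        if reason:
            return {"ip": m.group("ip"), "timestamp": m.group("ts"),
                    "status": m.group("status"), "value": value, "reason": reason}
    return None


def scan(lines):
    """Run analyze_line over an iterable of log lines and collect findings."""
    return [f for f in (analyze_line(l) for l in lines) if f]


def hits_by_ip(findings):
    """Count flagged requests per source IP for a quick pivot."""
    return dict(Counter(f["ip"] for f in findings))


# Constructed sample log lines (not real traffic).
SAMPLE_LOG = f"""\
203.0.113.5 - - [10/Mar/2025:09:14:02 +0000] "GET {PLUGIN_PATH}?file=users-export-2025-03-10.csv HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.5 - - [10/Mar/2025:09:15:40 +0000] "GET {PLUGIN_PATH}?file=../../../../../var/log/apache2/error.log HTTP/1.1" 200 88211 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Mar/2025:09:16:11 +0000] "GET {PLUGIN_PATH}?file=%252e%252e%252f%252e%252e%252fwp-config.php HTTP/1.1" 200 3211 "-" "curl/8.4.0"
198.51.100.7 - - [10/Mar/2025:09:17:03 +0000] "GET {PLUGIN_PATH}?file=/var/log/nginx/access.log HTTP/1.1" 403 219 "-" "curl/8.4.0"
192.0.2.9 - - [10/Mar/2025:09:18:30 +0000] "GET /wp-content/uploads/2025/03/report.pdf?file=../x HTTP/1.1" 404 150 "-" "Mozilla/5.0"
"""

if __name__ == "__main__":
    findings = scan(SAMPLE_LOG.splitlines())
    for f in findings:
        print(f"{f['timestamp']} {f['ip']} {f['status']} {f['reason']}: {f['value']}")
    print("hits by ip:", hits_by_ip(findings))
```

A flagged request that returned 200 with a large response body (the second sample line) is a much stronger signal than one that returned 403, so keep the status code in the finding and prioritise accordingly. The benign export filename on the first line and the traversal attempt against an unrelated path on the last line are deliberately included to show that the scoping and decoding do not over-match.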
🔗 References
- https://plugins.trac.wordpress.org/browser/users-customers-import-export-for-wp-woocommerce/trunk/admin/modules/history/history.php#L751
- https://plugins.trac.wordpress.org/changeset/3259688/
- https://wordpress.org/plugins/users-customers-import-export-for-wp-woocommerce/#developers
- https://www.wordfence.com/threat-intel/vulnerabilities/id/13b7a2e4-59f4-4d61-a165-a830ccfb696a?source=cve