CVE-2025-23918
📋 TL;DR
CVE-2025-23918 is an arbitrary file upload vulnerability in the Smallerik File Browser WordPress plugin that allows attackers to upload malicious files like web shells to the server. This affects all WordPress sites running Smallerik File Browser version 1.1 and earlier. Successful exploitation gives attackers remote code execution capabilities on vulnerable web servers.
💻 Affected Systems
- Smallerik File Browser WordPress Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete server compromise leading to data theft, ransomware deployment, lateral movement to other systems, and persistent backdoor installation.
Likely Case
Web shell upload enabling website defacement, credential harvesting, data exfiltration, and use as attack platform for further exploitation.
If Mitigated
File upload attempts blocked or quarantined with no successful exploitation.
🎯 Exploit Status
Exploitation requires no authentication and can be performed with simple HTTP requests. Public exploit code is available.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.2 or later
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find Smallerik File Browser and click 'Update Now'.
4. Verify the version is 1.2 or higher.
5. Test file upload functionality.
🔧 Temporary Workarounds
Disable Plugin
Temporarily disable the Smallerik File Browser plugin until patched
wp plugin deactivate smallerik-file-browser
Web Application Firewall Rule
Block file upload requests to vulnerable endpoints
ModSecurity: SecRule REQUEST_URI "@rx /wp-content/plugins/smallerik-file-browser/.*upload" "id:1001,phase:2,deny,status:403,msg:'Blocking Smallerik File Browser exploit'"
🧯 If You Can't Patch
- Remove the Smallerik File Browser plugin completely from the WordPress installation
- Implement strict file upload validation at the web server level using .htaccess or nginx rules
🔍 How to Verify
Check if Vulnerable:
Check WordPress plugin version via admin panel or inspect wp-content/plugins/smallerik-file-browser/readme.txt for version <=1.1
Check Version:
wp plugin get smallerik-file-browser --field=version
Verify Fix Applied:
Verify plugin version is 1.2 or higher and test file upload functionality with restricted file types
📡 Detection & Monitoring
Log Indicators:
- HTTP POST requests to /wp-content/plugins/smallerik-file-browser/upload.php with PHP/executable file extensions
- Unusual file creations in upload directories with .php, .phtml, .phar extensions
- Web shell activity patterns in access logs
Network Indicators:
- POST requests to plugin upload endpoints with suspicious file contents
- Outbound connections from web server to unknown IPs following upload activity
SIEM Query:
source="web_logs" AND uri="/wp-content/plugins/smallerik-file-browser/upload.php" AND method="POST" AND (file_extension="php" OR file_extension="phtml" OR file_extension="phar")
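The log indicators and SIEM query above can be checked offline against raw web server access logs. The following is an added example (not code from the advisory or the plugin vendor) that parses combined-format access-log lines, flags POSTs to the plugin's upload.php endpoint, flags requests for executable files served from wp-content/uploads, and correlates the two by source IP. The sample log lines are constructed for the demo; the upload endpoint path and the extension list are taken from the advisory.

```python
import re

# Constructed sample access-log lines (combined log format) for this demo, not real
# traffic. The plugin path and upload.php are taken from the advisory above.
SAMPLE_ACCESS_LOG = """\
203.0.113.7 - - [10/Mar/2025:12:00:03 +0000] "POST /wp-content/plugins/smallerik-file-browser/upload.php HTTP/1.1" 200 54 "-" "python-requests/2.31"
198.51.100.9 - - [10/Mar/2025:12:01:10 +0000] "POST /wp-admin/async-upload.php HTTP/1.1" 200 311 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2025:12:01:15 +0000] "GET /wp-content/uploads/2025/03/cmd.php?c=id HTTP/1.1" 200 97 "-" "python-requests/2.31"
192.0.2.44 - - [10/Mar/2025:12:02:00 +0000] "GET /wp-content/uploads/2025/03/photo.JPG HTTP/1.1" 200 40211 "-" "Mozilla/5.0"
"""

# Minimal combined-log-format parser: client IP, timestamp, method, request path, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3})'
)
PLUGIN_UPLOAD = "/wp-content/plugins/smallerik-file-browser/upload.php"
UPLOADS_PREFIX = "/wp-content/uploads/"
EXEC_EXT = (".php", ".phtml", ".phar")

def parse_log(log_text):
    """Yield one dict per parseable line; unparseable lines are skipped."""
    for line in log_text.splitlines():
        m = LOG_RE.match(line)
        if m:
            yield m.groupdict()

def find_upload_posts(log_text):
    """(ip, timestamp) for every POST to the plugin's upload endpoint."""
    return [(r["ip"], r["ts"]) for r in parse_log(log_text)
            if r["method"] == "POST" and r["path"].split("?")[0] == PLUGIN_UPLOAD]

def find_exec_requests(log_text):
    """(ip, path) for requests of executable files served from the uploads tree;
    a script under wp-content/uploads is a strong web-shell indicator."""
    hits = []
    for r in parse_log(log_text):
        path = r["path"].split("?")[0]          # drop query string before extension check
        if path.startswith(UPLOADS_PREFIX) and path.lower().endswith(EXEC_EXT):
            hits.append((r["ip"], path))
    return hits

def correlate(log_text):
    """Source IPs that both hit the upload endpoint and fetched a script from uploads."""
    uploaders = {ip for ip, _ in find_upload_posts(log_text)}
    return sorted({ip for ip, _ in find_exec_requests(log_text) if ip in uploaders})
```

Feed it a real access log with `correlate(open("/var/log/apache2/access.log").read())`; any IP it returns warrants a review of the uploads directory for recently created .php, .phtml or .phar files.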