CVE-2025-25141
📋 TL;DR
This vulnerability allows attackers to include local files on the server through improper control of the filename used in PHP include/require statements. It affects WordPress sites running the Fami Sales Popup plugin and can lead to sensitive information disclosure or code execution. All installations running plugin versions up to and including 2.0.0 are vulnerable.
💻 Affected Systems
- Fami Sales Popup WordPress Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Full server compromise through local file inclusion leading to remote code execution, sensitive file disclosure (like /etc/passwd, database credentials), and complete website takeover.
Likely Case
Sensitive information disclosure including configuration files, database credentials, and other local files accessible to the web server user.
If Mitigated
Limited impact if proper file permissions restrict web server access to sensitive directories and files.
🎯 Exploit Status
Exploitation requires sending crafted requests to vulnerable endpoints. Public proof-of-concept exists in security advisories.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.0.1 or later
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find Fami Sales Popup and click 'Update Now'.
4. Verify the plugin version is 2.0.1 or higher.
🔧 Temporary Workarounds
Disable Plugin
Temporarily disable the vulnerable plugin until it is patched
wp plugin deactivate fami-sales-popup
Web Application Firewall Rule
Block requests containing path traversal sequences
Add a WAF rule to block requests with '../' or similar path traversal patterns, including their URL-encoded forms
🧯 If You Can't Patch
- Implement strict file permissions to restrict web server user access to sensitive directories
- Deploy web application firewall with rules to detect and block local file inclusion attempts
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel → Plugins → Fami Sales Popup version. If the version is 2.0.0 or lower, the system is vulnerable.
Check Version:
wp plugin get fami-sales-popup --field=version
Verify Fix Applied:
Verify that the plugin version is 2.0.1 or higher in the WordPress admin panel. Test the previously vulnerable endpoints with controlled payloads.
📡 Detection & Monitoring
Log Indicators:
- HTTP requests containing '../' sequences
- Requests to plugin-specific endpoints with file path parameters
- Unusual file access patterns in web server logs
Network Indicators:
- HTTP GET/POST requests with file path parameters to plugin endpoints
- Traffic patterns showing attempts to access sensitive file paths
SIEM Query:
source="web_server_logs" AND (uri="*fami-sales-popup*" AND (uri="*../*" OR uri="*/etc/*" OR uri="*/proc/*"))
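As an added example (not part of this advisory), a small Python filter that applies the log indicators above to web server access-log lines: it flags requests whose URI references the fami-sales-popup plugin path and carries a traversal sequence, percent-decoding the URI first so encoded variants such as '..%2F' are not missed. The log lines are constructed samples and the plugin endpoint path (view.php?file=) is an assumption for illustration only.

```python
import re
from urllib.parse import unquote

# Constructed sample access-log lines (combined log format). The plugin endpoint
# path and parameter name below are assumptions, not the plugin's real route.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2025:12:00:01 +0000] "GET /wp-content/plugins/fami-sales-popup/assets/app.js HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.7 - - [10/Mar/2025:12:00:02 +0000] "GET /wp-content/plugins/fami-sales-popup/view.php?file=../../../../etc/passwd HTTP/1.1" 200 1830 "-" "curl/8.0"
203.0.113.7 - - [10/Mar/2025:12:00:03 +0000] "GET /wp-content/plugins/fami-sales-popup/view.php?file=..%2F..%2Fwp-config.php HTTP/1.1" 200 3001 "-" "curl/8.0"
203.0.113.9 - - [10/Mar/2025:12:00:04 +0000] "GET /wp-admin/admin-ajax.php?action=other&file=../x HTTP/1.1" 200 20 "-" "Mozilla/5.0"
"""

# Fields we need from a combined-format line: client IP, request URI, status code.
LINE_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<uri>\S+) \S+" (?P<status>\d{3})'
)
# Same indicators as the SIEM query above: dot-dot traversal and sensitive path prefixes.
TRAVERSAL_RE = re.compile(r'(\.\./|\.\.\\|/etc/|/proc/)', re.IGNORECASE)


def normalize(uri):
    """Percent-decode repeatedly (up to 3 passes) so double-encoded '../' is caught."""
    for _ in range(3):
        decoded = unquote(uri)
        if decoded == uri:
            break
        uri = decoded
    return uri


def find_lfi_attempts(log_text, plugin_slug="fami-sales-popup"):
    """Return (ip, decoded_uri, status) for plugin requests carrying a traversal sequence."""
    hits = []
    for line in log_text.splitlines():
        m = LINE_RE.match(line)
        if not m:
            continue  # skip lines that are not in the expected format
        uri = normalize(m.group("uri"))
        if plugin_slug in uri and TRAVERSAL_RE.search(uri):
            hits.append((m.group("ip"), uri, int(m.group("status"))))
    return hits


if __name__ == "__main__":
    for ip, uri, status in find_lfi_attempts(SAMPLE_LOG):
        print(f"{ip} {status} {uri}")
```

A 200 status on a flagged request is the case to triage first, since it suggests the include succeeded rather than being blocked.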