CVE-2025-2883
📋 TL;DR
The Accept SagePay Payments Using Contact Form 7 WordPress plugin exposes sensitive server information through a publicly accessible phpinfo script (cfspzw-info.php). This allows unauthenticated attackers to view PHP configuration details, environment variables, and potentially sensitive data. All WordPress sites running this plugin at version 2.0 or earlier are affected.
💻 Affected Systems
- Accept SagePay Payments Using Contact Form 7 WordPress plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers obtain database credentials, API keys, or other secrets from PHP environment variables, leading to complete system compromise, data theft, or financial fraud.
Likely Case
Attackers gather server configuration details, PHP settings, and environment information that could be used for further attacks or reconnaissance.
If Mitigated
Limited exposure of non-sensitive PHP configuration details with no access to critical secrets.
🎯 Exploit Status
Exploitation requires only accessing the vulnerable URL path. The vulnerability is trivial to exploit.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version after 2.0 (check plugin repository for latest)
Vendor Advisory: https://wordpress.org/plugins/accept-sagepay-payments-using-contact-form-7/#developers
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'Accept SagePay Payments Using Contact Form 7'.
4. Click 'Update Now' if an update is available.
5. If no update is available, deactivate and remove the plugin.
🔧 Temporary Workarounds
Remove vulnerable file
Delete the publicly accessible phpinfo script (cfspzw-info.php) from the plugin directory:
rm /path/to/wordpress/wp-content/plugins/accept-sagepay-payments-using-contact-form-7/inc/front/template/cfspzw-info.php
Block access via .htaccess
Add a rule to the site's .htaccess that blocks access to the vulnerable file (Apache):
<Files "cfspzw-info.php">
# Apache 2.2 syntax; on Apache 2.4 without mod_access_compat use "Require all denied" instead
Order Allow,Deny
Deny from all
</Files>
🧯 If You Can't Patch
- Immediately deactivate and remove the plugin from WordPress
- Implement web application firewall rules to block access to /wp-content/plugins/accept-sagepay-payments-using-contact-form-7/inc/front/template/cfspzw-info.php
🔍 How to Verify
Check if Vulnerable:
Access https://your-site.com/wp-content/plugins/accept-sagepay-payments-using-contact-form-7/inc/front/template/cfspzw-info.php; if it displays a PHP configuration (phpinfo) page, the site is vulnerable.
Check Version:
wp plugin get accept-sagepay-payments-using-contact-form-7 --field=version
Verify Fix Applied:
Attempt to access the same URL after patching - should return 404 or access denied.
📡 Detection & Monitoring
Log Indicators:
- HTTP 200 requests to cfspzw-info.php
- Unusual traffic to plugin directory
Network Indicators:
- GET requests to /wp-content/plugins/accept-sagepay-payments-using-contact-form-7/inc/front/template/cfspzw-info.php
SIEM Query:
url:*/cfspzw-info.php AND http_status:200
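As an added example (not part of this advisory or the plugin), the SIEM query above implemented as a small Python filter over Apache/Nginx combined-format access-log lines; the log layout, the helper names and the sample lines are assumptions constructed for illustration.

```python
import re

# Path of the exposed phpinfo script, taken from the advisory above.
VULN_PATH = ("/wp-content/plugins/accept-sagepay-payments-using-contact-form-7"
             "/inc/front/template/cfspzw-info.php")

# Apache/Nginx "combined" access-log format (the field layout is an
# assumption of this example; adjust the regex for other formats).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
)

def parse_line(line):
    """Parse one access-log line into a dict, or None if it does not match."""
    m = LOG_RE.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    rec["status"] = int(rec["status"])
    rec["path"] = rec["path"].split("?", 1)[0]  # drop any query string
    return rec

def find_exposures(lines):
    """Advisory's SIEM logic: path ends in cfspzw-info.php AND status 200."""
    # Only a 200 means the phpinfo page was actually served; 403/404 responses
    # show the workaround or patch is in place and are not reported.
    hits = []
    for line in lines:
        rec = parse_line(line)
        if rec and rec["path"].endswith("/cfspzw-info.php") and rec["status"] == 200:
            hits.append(rec)
    return hits

def hits_per_source(hits):
    """Count exposures per client IP so repeated probing stands out in triage."""
    counts = {}
    for rec in hits:
        counts[rec["ip"]] = counts.get(rec["ip"], 0) + 1
    return counts

# Constructed sample log lines (RFC 5737 documentation addresses, not real traffic).
SAMPLE_LOG = [
    f'203.0.113.5 - - [10/Apr/2025:12:00:01 +0000] "GET {VULN_PATH} HTTP/1.1" 200 51234 "-" "curl/8.0"',
    f'203.0.113.5 - - [10/Apr/2025:12:00:02 +0000] "GET {VULN_PATH}?x=1 HTTP/1.1" 200 51234 "-" "curl/8.0"',
    f'198.51.100.9 - - [10/Apr/2025:12:05:00 +0000] "GET {VULN_PATH} HTTP/1.1" 403 199 "-" "curl/8.0"',
    '198.51.100.9 - - [10/Apr/2025:12:06:00 +0000] "GET /wp-login.php HTTP/1.1" 200 4021 "-" "Mozilla/5.0"',
    'not a log line',
]
```

Feed real log lines to `find_exposures` and review `hits_per_source` output; a non-empty result after applying the fix means the block or removal did not take effect.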
🔗 References
- https://plugins.trac.wordpress.org/browser/accept-sagepay-payments-using-contact-form-7/trunk/inc/front/template/cfspzw-info.php#L6
- https://plugins.trac.wordpress.org/changeset/3266837/
- https://wordpress.org/plugins/accept-sagepay-payments-using-contact-form-7/#developers
- https://www.wordfence.com/threat-intel/vulnerabilities/id/ed6cbd55-0e3a-4343-9e1b-b413a132bcdd?source=cve