CVE-2025-28916
📋 TL;DR
This CVE describes a PHP Local File Inclusion vulnerability in the Docpro WordPress plugin that allows attackers to include arbitrary local files via improper filename control in include/require statements. Attackers can potentially read sensitive files, execute code, or escalate privileges. All WordPress sites running Docpro plugin versions up to 2.0.1 are affected.
💻 Affected Systems
- WordPress Docpro plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Full server compromise leading to data theft, ransomware deployment, or complete site takeover through remote code execution.
Likely Case
Sensitive file disclosure (configuration files, database credentials), limited code execution, or privilege escalation.
If Mitigated
Unauthorized file reads limited to web-accessible directories if proper file permissions are configured.
🎯 Exploit Status
Simple path traversal or file inclusion payloads can trigger the vulnerability. Public exploit details available in security advisories.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.0.2 or later
Vendor Advisory: https://patchstack.com/database/wordpress/plugin/docpro/vulnerability/wordpress-docpro-plugin-2-0-1-local-file-inclusion-vulnerability?_s_id=cve
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find Docpro plugin and check for updates. 4. Update to version 2.0.2 or later. 5. Verify plugin functionality after update.
🔧 Temporary Workarounds
Disable Docpro plugin
allTemporarily deactivate the vulnerable plugin until patched
wp plugin deactivate docpro
Web Application Firewall rule
allBlock requests containing path traversal patterns targeting Docpro endpoints
ModSecurity rule: SecRule REQUEST_URI "@rx (?i)(\.\./|\.\.\\)" "id:1001,phase:1,deny,status:403,msg:'Path Traversal Attempt'"
WAF configuration depends on specific platform
🧯 If You Can't Patch
- Remove Docpro plugin completely from production environment
- Implement strict file system permissions (chmod 600 for sensitive files, chmod 755 for web directories)
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel → Plugins → Installed Plugins for Docpro version. If version is 2.0.1 or earlier, system is vulnerable.Check Version:
wp plugin list --name=docpro --field=versionVerify Fix Applied:
Confirm Docpro plugin version is 2.0.2 or later in WordPress admin panel. Test plugin functionality remains intact.📡 Detection & Monitoring
Log Indicators:
- HTTP requests with path traversal patterns (../, ..\) to Docpro plugin endpoints
- PHP include/require errors in web server logs
- Unusual file access patterns from web process
Network Indicators:
- HTTP requests containing '../../' patterns
- Requests to Docpro-specific URLs with file path parameters
- Abnormal response sizes from plugin endpoints
SIEM Query:
source="web_server_logs" AND (uri="*docpro*" AND (uri="*../*" OR uri="*..\\*" OR uri="*file=*" OR uri="*include=*"))