CVE-2025-28951
📋 TL;DR
This vulnerability allows attackers to upload arbitrary files, including web shells, to WordPress servers running the Bulk Featured Image plugin. Attackers can gain full control of affected websites. All WordPress sites using vulnerable versions of this plugin are affected.
💻 Affected Systems
- WordPress Bulk Featured Image Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete server compromise leading to data theft, ransomware deployment, or use as part of a botnet.
Likely Case
Website defacement, data exfiltration, or installation of backdoors for persistent access.
If Mitigated
Limited impact if file uploads are restricted via web application firewall or server configuration.
🎯 Exploit Status
Simple HTTP POST request with malicious file upload can exploit this vulnerability.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.2.2 or later
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins > Installed Plugins. 3. Find Bulk Featured Image. 4. Click 'Update Now' if available. 5. If no update available, deactivate and delete the plugin immediately.
🔧 Temporary Workarounds
Disable Plugin
allDeactivate and remove the vulnerable plugin from WordPress
wp plugin deactivate bulk-featured-image
wp plugin delete bulk-featured-image
Web Application Firewall Rule
linuxBlock file uploads to the vulnerable endpoint
ModSecurity rule: SecRule REQUEST_URI "@contains /wp-content/plugins/bulk-featured-image/" "id:1001,phase:2,deny"
🧯 If You Can't Patch
- Immediately disable the Bulk Featured Image plugin
- Implement strict file upload restrictions at the web server level
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > Bulk Featured Image version. If version is 1.2.1 or earlier, you are vulnerable.Check Version:
wp plugin get bulk-featured-image --field=versionVerify Fix Applied:
Confirm plugin version is 1.2.2 or later, or verify plugin is completely removed from /wp-content/plugins/ directory.📡 Detection & Monitoring
Log Indicators:
- HTTP POST requests to /wp-content/plugins/bulk-featured-image/ upload endpoints
- File uploads with .php, .phtml, or other executable extensions
Network Indicators:
- Unusual outbound connections from web server
- POST requests with file uploads to plugin-specific paths
SIEM Query:
source="web_server" AND (uri="/wp-content/plugins/bulk-featured-image/*" AND method="POST")