CVE-2025-30773 – CVE-2025-30773 is a PHP object injection vulner... (How to Fix)

Q: What is the severity of CVE-2025-30773?

CVE-2025-30773 has a CVSS score of 7.2 (HIGH). CVE-2025-30773 is a PHP object injection vulnerability in TranslatePress WordPress plugin caused by unsafe deserialization of untrusted data. Attackers can exploit this to execute arbitrary code, potentially compromising the entire WordPress site. All WordPress sites using TranslatePress versions up to 2.9.6 are affected.

📋 TL;DR

CVE-2025-30773 is a PHP object injection vulnerability in TranslatePress WordPress plugin caused by unsafe deserialization of untrusted data. Attackers can exploit this to execute arbitrary code, potentially compromising the entire WordPress site. All WordPress sites using TranslatePress versions up to 2.9.6 are affected.

💻 Affected Systems

Products:

TranslatePress - Multilingual

Versions: n/a through 2.9.6

Operating Systems: Any OS running WordPress

Default Config Vulnerable: ⚠️ Yes

Notes: All default configurations of affected TranslatePress versions are vulnerable. No special configuration required for exploitation.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.

Recommended Actions:

Review the CVE details at NVD
Check vendor security advisories for your specific version
Test if the vulnerability is exploitable in your environment
Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴

Worst Case

Full site compromise leading to complete administrative control, data theft, malware installation, and website defacement.

🟠

Likely Case

Remote code execution allowing attackers to create backdoors, steal sensitive data, or pivot to other systems.

🟢

If Mitigated

Limited impact if proper web application firewalls and input validation are in place, though risk remains significant.

🌐 Internet-Facing: HIGH - WordPress sites are typically internet-facing, making them directly accessible to attackers.

🏢 Internal Only: MEDIUM - Internal WordPress sites could still be exploited by internal threats or through compromised accounts.

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: UNKNOWN

Unauthenticated Exploit: ✅ No

Complexity: MEDIUM

Exploitation requires understanding of PHP object injection techniques and WordPress plugin structure. No public exploit code available at this time.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.9.7 or later

Vendor Advisory: https://patchstack.com/database/wordpress/plugin/translatepress-multilingual/vulnerability/wordpress-translatepress-2-9-6-php-object-injection-vulnerability?_s_id=cve

Restart Required: No

Instructions:

1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find TranslatePress and click 'Update Now'. 4. Verify update to version 2.9.7 or higher.

🔧 Temporary Workarounds

Disable TranslatePress Plugin

WordPress

Temporarily disable the vulnerable plugin until patching is possible

wp plugin deactivate translatepress-multilingual

🧯 If You Can't Patch

Implement web application firewall (WAF) rules to block deserialization attacks
Restrict access to WordPress admin interface using IP whitelisting

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel → Plugins → Installed Plugins → TranslatePress version

Check Version:

wp plugin get translatepress-multilingual --field=version

Verify Fix Applied:

Verify TranslatePress version is 2.9.7 or higher in WordPress admin panel

📡 Detection & Monitoring

Log Indicators:

Unusual POST requests to TranslatePress endpoints
PHP deserialization errors in web server logs
Unexpected plugin file modifications

Network Indicators:

HTTP requests containing serialized PHP objects
Unusual traffic to /wp-content/plugins/translatepress-multilingual/

SIEM Query:

source="web_server_logs" AND (uri="/wp-content/plugins/translatepress-multilingual/*" OR message="*unserialize*" OR message="*__destruct*")

📊 Metadata

CVE ID: CVE-2025-30773

CVSS v3 Score: 7.2 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-502

EPSS Score: 0.4% exploit probability (60.1th percentile)

Published: March 27, 2025

Last Updated: March 27, 2025

🔗 References

https://patchstack.com/database/wordpress/plugin/translatepress-multilingual/vulnerability/wordpress-translatepress-2-9-6-php-object-injection-vulnerability?_s_id=cve

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-30773, you might also want to check these: