CVE-2025-30782
📋 TL;DR
This vulnerability allows attackers to include local files on the server through improper filename control in PHP's include/require statements. It affects WordPress sites running the Subscribe to Download Lite plugin version 1.2.9 and earlier. Attackers can potentially read sensitive files or execute arbitrary code.
💻 Affected Systems
- Subscribe to Download Lite WordPress Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Full server compromise through local file inclusion leading to remote code execution, data exfiltration, and complete site takeover.
Likely Case
Sensitive file disclosure (configuration files, database credentials), limited code execution, and potential privilege escalation.
If Mitigated
Limited impact with proper file permissions, disabled PHP execution in upload directories, and security plugins blocking malicious requests.
🎯 Exploit Status
Exploitation requires no authentication and uses simple HTTP requests. Public proof-of-concept demonstrates file inclusion via manipulated parameters.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.3.0 or later
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find Subscribe to Download Lite. 4. Click Update Now if update available. 5. If no update available, deactivate and delete plugin, then install fresh version from WordPress repository.
🔧 Temporary Workarounds
Disable vulnerable plugin
allTemporarily disable the Subscribe to Download Lite plugin until patched
wp plugin deactivate subscribe-to-download-lite
Web Application Firewall rule
allBlock requests containing local file inclusion patterns
Add WAF rule: Block requests with patterns like '..', 'etc/passwd', 'wp-config.php' in URL parameters
🧯 If You Can't Patch
- Implement strict file permissions (644 for files, 755 for directories)
- Deploy web application firewall with LFI protection rules
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel → Plugins → Installed Plugins for Subscribe to Download Lite version 1.2.9 or earlierCheck Version:
wp plugin get subscribe-to-download-lite --field=versionVerify Fix Applied:
Verify plugin version is 1.3.0 or later in WordPress admin panel📡 Detection & Monitoring
Log Indicators:
- HTTP requests with suspicious parameters containing '..', '../', or known file paths like /etc/passwd, wp-config.php
Network Indicators:
- Unusual GET/POST requests to plugin endpoints with file path parameters
SIEM Query:
source="web_logs" AND (uri="*subscribe-to-download*" AND (param="*..*" OR param="*etc*" OR param="*wp-config*"))