CVE-2025-30785
📋 TL;DR
This vulnerability allows attackers to include local files on the server through PHP's include/require statements in the Subscribe to Download Lite WordPress plugin. Attackers can potentially read sensitive files or execute code by manipulating file paths. WordPress sites using vulnerable versions of this plugin are affected.
💻 Affected Systems
- Subscribe to Download Lite WordPress Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Full server compromise through local file inclusion leading to remote code execution, sensitive data exposure, and complete site takeover.
Likely Case
Information disclosure of sensitive files (configuration files, database credentials, etc.) and limited code execution within the web server context.
If Mitigated
Limited impact if proper file permissions restrict access to sensitive files and web application firewalls block malicious requests.
🎯 Exploit Status
Exploitation requires understanding of PHP file inclusion vulnerabilities and WordPress plugin structure.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.3.0 or later
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find 'Subscribe to Download Lite'.
4. Click 'Update Now' if available.
5. If no update appears, manually download version 1.3.0+ from WordPress.org and replace the plugin files.
🔧 Temporary Workarounds
Disable vulnerable plugin
Temporarily deactivate the Subscribe to Download Lite plugin until patched.
Web Application Firewall rules
Implement WAF rules to block requests containing path traversal sequences like '../' or absolute paths.
🧯 If You Can't Patch
- Remove or disable the Subscribe to Download Lite plugin entirely
- Implement strict file permissions and disable PHP's allow_url_include directive
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > Installed Plugins for Subscribe to Download Lite version 1.2.9 or earlier.
Check Version:
wp plugin list --name='subscribe-to-download-lite' --field=version
Verify Fix Applied:
Confirm plugin version is 1.3.0 or later in WordPress admin panel.
📡 Detection & Monitoring
Log Indicators:
- Unusual file access patterns in web server logs
- Requests containing '../' sequences or absolute paths to plugin files
Network Indicators:
- HTTP requests with suspicious parameters targeting the vulnerable plugin endpoints
SIEM Query:
web_access_logs WHERE uri CONTAINS 'subscribe-to-download-lite' AND (uri CONTAINS '../' OR params CONTAINS 'file=')
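The SIEM query above matches the literal string '../', which misses the URL-encoded forms (%2e%2e%2f, and double-encoded %252e%252e%252f) that web servers log verbatim. The script below is an added example written for this page, not a tool from the advisory or the plugin author: it parses combined-format access log lines with a small hypothetical regex parser, URL-decodes each request target twice, and reports the same indicators the advisory lists (plugin slug in the URI, a traversal sequence, a file= parameter, an absolute path in that parameter). The log lines are constructed for the example, the IPs are documentation-range addresses, and the endpoint name PLACEHOLDER-endpoint.php stands in for whatever plugin script your own logs show.

```python
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Plugin slug named in the advisory; requests touching the plugin's files contain it.
PLUGIN_SLUG = "subscribe-to-download-lite"

# Traversal ('../' or '..\') and absolute-path indicators, checked after URL-decoding.
TRAVERSAL_RE = re.compile(r"\.\.[/\\]")
ABSOLUTE_PATH_RE = re.compile(r"^(?:/|[A-Za-z]:\\)")

# Combined-log-format line parser (hypothetical, written for this example).
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]+" (?P<status>\d{3}) \S+'
)


def indicators(target: str) -> list[str]:
    """Return the advisory's indicators matched by one request target (path + query)."""
    # Decode twice so single- and double-encoded '../' are both normalised before matching.
    decoded = unquote(unquote(target))
    if PLUGIN_SLUG not in decoded:
        return []  # not aimed at this plugin; the advisory's indicators do not apply
    found = []
    if TRAVERSAL_RE.search(decoded):
        found.append("traversal")
    params = parse_qs(urlsplit(decoded).query, keep_blank_values=True)
    if "file" in params:
        found.append("file-param")
        if any(ABSOLUTE_PATH_RE.match(v) for v in params["file"]):
            found.append("absolute-path")
    return found


def scan(lines):
    """Return (ip, timestamp, target, indicators) for every log line that matches."""
    hits = []
    for line in lines:
        m = LOG_RE.match(line)
        if not m:
            continue  # skip lines that are not in combined log format
        found = indicators(m["target"])
        if found:
            hits.append((m["ip"], m["ts"], m["target"], found))
    return hits


# Constructed sample lines (not from any real server). PLACEHOLDER-endpoint.php is a
# stand-in name; the advisory does not identify the plugin's vulnerable script.
SAMPLE_LOG = """\
203.0.113.5 - - [10/Mar/2025:12:00:01 +0000] "GET /wp-content/plugins/subscribe-to-download-lite/assets/app.js HTTP/1.1" 200 5120
203.0.113.7 - - [10/Mar/2025:12:00:02 +0000] "GET /wp-content/plugins/subscribe-to-download-lite/PLACEHOLDER-endpoint.php?file=../../../../wp-config.php HTTP/1.1" 200 2210
203.0.113.7 - - [10/Mar/2025:12:00:03 +0000] "GET /wp-content/plugins/subscribe-to-download-lite/PLACEHOLDER-endpoint.php?file=%252e%252e%252fwp-config.php HTTP/1.1" 200 2210
203.0.113.9 - - [10/Mar/2025:12:00:04 +0000] "GET /wp-content/plugins/subscribe-to-download-lite/PLACEHOLDER-endpoint.php?file=/etc/passwd HTTP/1.1" 200 1800
198.51.100.2 - - [10/Mar/2025:12:00:05 +0000] "GET /wp-content/plugins/other-plugin/view.php?file=../x HTTP/1.1" 404 0
"""

if __name__ == "__main__":
    for ip, ts, target, found in scan(SAMPLE_LOG.splitlines()):
        print(f"{ts} {ip} {','.join(found)} {target}")
```

Run against the constructed sample, the first line (a plain asset request) and the last line (a different plugin) produce no hit; the three PLACEHOLDER-endpoint.php requests are reported, including the double-encoded one that a raw '../' substring match would miss. A 200 status on such a request is the line worth escalating; the same pattern returning 404 after the plugin is removed is the expected post-mitigation picture.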