CVE-2025-30804
📋 TL;DR
This Cross-Site Request Forgery (CSRF) vulnerability in the wpShopGermany IT-RECHT KANZLEI WordPress plugin allows attackers to trick authenticated administrators into performing unintended actions. The vulnerability affects all WordPress sites using this plugin from unknown versions through version 2.0. Attackers can exploit this to modify plugin settings or perform other administrative actions without the victim's consent.
💻 Affected Systems
- wpShopGermany IT-RECHT KANZLEI WordPress Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
An attacker could completely compromise the plugin configuration, potentially disabling legal compliance features or modifying critical settings that affect the entire WordPress site's functionality.
Likely Case
Attackers modify plugin settings to disable important features, change legal text displays, or alter configuration that impacts site operations.
If Mitigated
With proper CSRF protections and user awareness, the impact is minimal as legitimate administrative actions would require explicit user intent.
🎯 Exploit Status
Exploitation requires tricking an authenticated administrator into visiting a malicious page while logged into WordPress.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version after 2.0
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find 'wpShopGermany IT-RECHT KANZLEI'. 4. Click 'Update Now' if available. 5. If no update is available, deactivate and delete the plugin, then install the latest version from WordPress repository.
🔧 Temporary Workarounds
CSRF Protection Headers
allImplement Content Security Policy headers to restrict cross-origin requests
Add to .htaccess: Header set Content-Security-Policy "default-src 'self'; script-src 'self'"
Add to nginx config: add_header Content-Security-Policy "default-src 'self'; script-src 'self'";
Plugin Deactivation
linuxTemporarily disable the vulnerable plugin until patched
wp plugin deactivate wpshopgermany-it-recht-kanzlei
🧯 If You Can't Patch
- Restrict administrative access to trusted networks only
- Implement additional authentication factors for administrative actions
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Installed Plugins for 'wpShopGermany IT-RECHT KANZLEI' version 2.0 or earlierCheck Version:
wp plugin get wpshopgermany-it-recht-kanzlei --field=versionVerify Fix Applied:
Verify plugin version is greater than 2.0 in WordPress admin panel📡 Detection & Monitoring
Log Indicators:
- Multiple POST requests to plugin admin endpoints from unexpected referrers
- Unauthorized configuration changes in plugin settings
Network Indicators:
- Cross-origin requests to WordPress admin-ajax.php or plugin-specific endpoints
- Requests with missing or mismatched CSRF tokens
SIEM Query:
source="wordpress.log" AND (uri_path="/wp-admin/admin-ajax.php" OR uri_path CONTAINS "wpshopgermany") AND http_referer NOT CONTAINS "yourdomain.com"