CVE-2025-30890
📋 TL;DR
This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affects WordPress sites using the Login Widget for Ultimate Member plugin versions up to 1.1.2, potentially leading to information disclosure or code execution.
💻 Affected Systems
- Login Widget for Ultimate Member WordPress plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Full server compromise through local file inclusion leading to remote code execution, sensitive file disclosure (including configuration files with credentials), and complete site takeover.
Likely Case
Information disclosure of sensitive files (wp-config.php, /etc/passwd), partial code execution through PHP wrappers, and potential privilege escalation.
If Mitigated
Limited impact if file permissions are properly configured, PHP open_basedir restrictions are enabled, and web server runs with minimal privileges.
🎯 Exploit Status
Exploitation requires understanding of PHP file inclusion techniques and knowledge of the target system's file structure.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version after 1.1.2
Restart Required: No
Instructions:
1. Log into WordPress admin panel
2. Navigate to Plugins → Installed Plugins
3. Find 'Login Widget for Ultimate Member'
4. Click 'Update Now' if update available
5. If no update available, deactivate and remove plugin
6. Install updated version from WordPress repository
🔧 Temporary Workarounds
Disable vulnerable plugin
WordPressTemporarily disable the Login Widget for Ultimate Member plugin until patched
wp plugin deactivate login-widget-for-ultimate-member
PHP configuration hardening
PHPSet PHP open_basedir restrictions and disable dangerous functions
open_basedir = /var/www/html
disable_functions = allow_url_include
🧯 If You Can't Patch
- Implement web application firewall (WAF) rules to block file inclusion patterns
- Restrict file system access through proper permissions and PHP configuration
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Installed Plugins for 'Login Widget for Ultimate Member' version 1.1.2 or earlierCheck Version:
wp plugin get login-widget-for-ultimate-member --field=versionVerify Fix Applied:
Verify plugin version is greater than 1.1.2 in WordPress admin panel📡 Detection & Monitoring
Log Indicators:
- Unusual file paths in PHP error logs
- Multiple requests with '../' patterns
- Requests to plugin files with file parameter
Network Indicators:
- HTTP requests containing file inclusion patterns (../, /etc/passwd, wp-config.php)
- Unusual requests to plugin-specific endpoints
SIEM Query:
source="web_logs" AND (uri="*login-widget-for-ultimate-member*" AND (query="*file=*" OR query="*include=*" OR query="*../*"))