CVE-2025-30895
📋 TL;DR
This path traversal vulnerability in the WpEvently WordPress plugin allows attackers to include arbitrary PHP files from the server, potentially leading to remote code execution. It affects all WpEvently installations running versions up to 4.2.9. WordPress administrators using this plugin are at risk.
💻 Affected Systems
- magepeopleteam WpEvently WordPress plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Full server compromise via remote code execution, allowing attackers to install backdoors, steal sensitive data, or pivot to other systems.
Likely Case
Local file inclusion leading to information disclosure of sensitive files (config files, credentials) or limited code execution.
If Mitigated
Attack blocked by proper file permissions, web application firewalls, or security plugins that detect path traversal attempts.
🎯 Exploit Status
Exploitation requires understanding of path traversal techniques and WordPress plugin structure.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version after 4.2.9
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins > Installed Plugins. 3. Find WpEvently plugin. 4. Click 'Update Now' if update available. 5. If no update available, deactivate and remove plugin immediately.
🔧 Temporary Workarounds
Web Application Firewall Rule
allBlock path traversal patterns in HTTP requests
Disable Plugin
WordPressTemporarily disable WpEvently plugin until patched
wp plugin deactivate mage-eventpress
🧯 If You Can't Patch
- Implement strict file permissions on web directories (755 for directories, 644 for files)
- Deploy web application firewall with path traversal detection rules
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > Installed Plugins for WpEvently versionCheck Version:
wp plugin get mage-eventpress --field=versionVerify Fix Applied:
Verify WpEvently plugin version is greater than 4.2.9📡 Detection & Monitoring
Log Indicators:
- Unusual file include attempts in web server logs
- Requests containing '../' patterns
- Access to non-standard PHP files
Network Indicators:
- HTTP requests with path traversal sequences (../, ..\)
- Requests to plugin-specific endpoints with file parameters
SIEM Query:
web_access_logs WHERE url CONTAINS '../' AND url CONTAINS 'wpevently' OR 'mage-eventpress'