CVE-2025-32118
📋 TL;DR
This vulnerability allows attackers to upload malicious files to WordPress sites using the CMP – Coming Soon & Maintenance plugin. Attackers can achieve remote code execution by uploading dangerous file types like PHP scripts. All WordPress sites running affected plugin versions are vulnerable.
💻 Affected Systems
- NiteoThemes CMP – Coming Soon & Maintenance WordPress Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete site compromise through remote code execution, allowing attackers to deface websites, steal data, install backdoors, or pivot to other systems.
Likely Case
Website defacement, malware distribution, credential theft, and unauthorized administrative access to the WordPress installation.
If Mitigated
Limited impact if file uploads are restricted at web server level or if the plugin is disabled, though the vulnerability still exists.
🎯 Exploit Status
The vulnerability is publicly documented with technical details available. Attackers can exploit this without authentication.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 4.1.14 or later
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'CMP – Coming Soon & Maintenance' and click 'Update Now'.
4. Verify the plugin version is 4.1.14 or higher.
🔧 Temporary Workarounds
Disable Plugin
Temporarily deactivate the vulnerable plugin until patching is possible
wp plugin deactivate cmp-coming-soon-maintenance
Restrict File Uploads
Configure the web server to block execution of uploaded files in the WordPress uploads directory
Add 'deny from all' to .htaccess in wp-content/uploads directory
🧯 If You Can't Patch
- Immediately disable the CMP – Coming Soon & Maintenance plugin
- Implement web application firewall rules to block file upload attempts to the vulnerable endpoint
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Installed Plugins for the CMP – Coming Soon & Maintenance version. If the version is 4.1.13 or lower, you are vulnerable.
Check Version:
wp plugin get cmp-coming-soon-maintenance --field=version
Verify Fix Applied:
After updating, verify the plugin shows version 4.1.14 or higher in WordPress admin panel.
📡 Detection & Monitoring
Log Indicators:
- POST requests to /wp-admin/admin-ajax.php with 'action=cmp_upload_image' parameter
- File uploads to wp-content/uploads with suspicious extensions (.php, .phtml, .phar)
Network Indicators:
- Unusual file upload traffic to WordPress admin endpoints
- HTTP requests with multipart/form-data containing executable file types
SIEM Query:
source="web_server_logs" AND (uri_path="/wp-admin/admin-ajax.php" AND post_data CONTAINS "cmp_upload_image")
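As an added example (not part of this advisory), the two log indicators above applied to constructed Apache/nginx combined-format access-log lines. Access logs do not record POST bodies, so the `action=cmp_upload_image` parameter is only visible here when it is sent in the query string; a WAF or application log is needed to see it in the body.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Combined log format: ip ident user [time] "METHOD target proto" status bytes ...
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) \S+" '
    r'(?P<status>\d{3}) \S+'
)
# Extensions the advisory lists as suspicious inside wp-content/uploads.
EXEC_EXT = (".php", ".phtml", ".phar")

def classify(line):
    """Return a finding dict for one access-log line, or None if nothing matched."""
    m = LOG_RE.match(line)
    if not m:
        return None
    url = urlsplit(m.group("target"))
    path = url.path
    hits = []
    # Indicator 1: POST to admin-ajax.php carrying the plugin's upload action.
    if (m.group("method") == "POST" and path == "/wp-admin/admin-ajax.php"
            and "cmp_upload_image" in parse_qs(url.query).get("action", [])):
        hits.append("cmp_upload_image_post")
    # Indicator 2: a request reaching an executable file under uploads.
    # Checking every path segment also catches "x.php/extra" path-info tricks.
    if path.lower().startswith("/wp-content/uploads/") and any(
            seg.lower().endswith(EXEC_EXT) for seg in path.split("/")):
        hits.append("uploads_executable_request")
    if not hits:
        return None
    return {"ip": m.group("ip"), "path": path,
            "status": int(m.group("status")), "indicators": hits}

def scan(log_text):
    """Run classify() over a whole log and keep only the lines that matched."""
    return [f for f in map(classify, log_text.splitlines()) if f]

# Constructed sample lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = """\
203.0.113.10 - - [10/Apr/2025:12:00:01 +0000] "POST /wp-admin/admin-ajax.php?action=cmp_upload_image HTTP/1.1" 200 512 "-" "Mozilla/5.0"
203.0.113.10 - - [10/Apr/2025:12:00:03 +0000] "GET /wp-content/uploads/2025/04/image.php HTTP/1.1" 200 77 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Apr/2025:12:01:00 +0000] "GET /wp-content/uploads/2025/04/logo.png HTTP/1.1" 200 9034 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Apr/2025:12:01:05 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 31 "-" "Mozilla/5.0"
"""

if __name__ == "__main__":
    for f in scan(SAMPLE_LOG):
        print(f"{f['ip']} {f['status']} {f['path']} -> {', '.join(f['indicators'])}")
```

A 200 response on the second indicator means the server actually executed (or served) a file under uploads, which is the condition the .htaccess workaround above is meant to prevent.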