CVE-2025-32627
📋 TL;DR
This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affects all WordPress sites running JS Job Manager plugin versions up to 2.0.2, potentially leading to sensitive information disclosure or code execution.
💻 Affected Systems
- JS Job Manager (WordPress plugin)
📦 What is this software?
⚠️ Risk & Real-World Impact
Worst Case
Full server compromise through Local File Inclusion leading to Remote Code Execution, sensitive file disclosure (including configuration files with database credentials), and complete site takeover.
Likely Case
Sensitive information disclosure including configuration files, source code, and potentially database credentials, leading to data breaches or further exploitation.
If Mitigated
Limited impact with proper file permissions, web application firewalls, and restricted PHP execution environments preventing file inclusion.
🎯 Exploit Status
PHP Local File Inclusion vulnerabilities are commonly exploited with simple HTTP requests. The PatchStack reference indicates public disclosure and likely exploitation attempts.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.0.3 or later
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins → Installed Plugins.
3. Find 'JS Job Manager' and check whether an update is available.
4. Click 'Update Now' to upgrade to version 2.0.3 or later.
5. Verify that the update completed successfully.
🔧 Temporary Workarounds
Disable vulnerable plugin
Temporarily disable the JS Job Manager plugin until it is patched
wp plugin deactivate js-jobs
Web Application Firewall rule
Block requests containing file inclusion patterns in plugin paths
Add WAF rule: Block requests to /wp-content/plugins/js-jobs/* with ../ or file:// patterns
🧯 If You Can't Patch
- Implement strict file permissions (disable PHP execution in upload directories, set proper ownership)
- Deploy web application firewall with LFI protection rules and monitor for exploitation attempts
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel → Plugins → Installed Plugins for JS Job Manager version. If version is 2.0.2 or earlier, system is vulnerable.
Check Version:
wp plugin get js-jobs --field=version
Verify Fix Applied:
Verify plugin version shows 2.0.3 or later in WordPress admin. Test functionality remains working.
📡 Detection & Monitoring
Log Indicators:
- HTTP requests to /wp-content/plugins/js-jobs/ with ../ patterns
- PHP error logs showing file inclusion warnings
- Access to sensitive files like /etc/passwd or wp-config.php
Network Indicators:
- HTTP requests with file inclusion payloads in query parameters or paths
- Unusual file access patterns from web server process
SIEM Query:
source="web_access_logs" AND (uri_path="/wp-content/plugins/js-jobs/*" AND (query="*../*" OR query="*file://*"))
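The SIEM query above matches only literal ../ and file:// strings, so a URL-encoded traversal (..%2F, %2e%2e%2f, or double-encoded %252e) would slip past it. The following added example (not code from the advisory or from the plugin) scans combined-format access-log lines for requests under the js-jobs plugin path, decodes the target before matching, and flags the file-inclusion indicators listed in this section; the log lines and the example.php endpoint are constructed for illustration, not the plugin's actual vulnerable file.

```python
import re
from urllib.parse import unquote, urlsplit

# Constructed sample log lines in Apache/nginx combined format (not real traffic;
# example.php is a placeholder, not the plugin's real vulnerable file).
SAMPLE_LOG = """\
203.0.113.5 - - [10/Apr/2025:10:01:02 +0000] "GET /wp-content/plugins/js-jobs/example.php?file=../../../../etc/passwd HTTP/1.1" 200 1234 "-" "curl/8.0"
203.0.113.6 - - [10/Apr/2025:10:01:03 +0000] "GET /wp-content/plugins/js-jobs/example.php?file=..%2F..%2Fwp-config.php HTTP/1.1" 200 1234 "-" "Mozilla/5.0"
198.51.100.7 - - [10/Apr/2025:10:02:00 +0000] "GET /wp-content/plugins/js-jobs/assets/style.css HTTP/1.1" 200 456 "-" "Mozilla/5.0"
198.51.100.8 - - [10/Apr/2025:10:03:00 +0000] "GET /index.php?page=../../etc/passwd HTTP/1.1" 404 0 "-" "curl/8.0"
"""

# Minimal combined-log parser: client IP, timestamp, method, request target, status.
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] "(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)

PLUGIN_PREFIX = "/wp-content/plugins/js-jobs/"
# Indicators taken from the Detection & Monitoring section of this advisory.
LFI_PATTERNS = ("../", "file://", "/etc/passwd", "wp-config.php")


def decode_target(target):
    """Percent-decode repeatedly so double-encoded traversal is normalised."""
    prev, cur = None, target
    for _ in range(3):
        if cur == prev:
            break
        prev, cur = cur, unquote(cur)
    return cur


def is_suspicious(target):
    """True if the decoded request targets the plugin path and carries an LFI indicator."""
    decoded = decode_target(target).lower()
    if not urlsplit(decoded).path.startswith(PLUGIN_PREFIX):
        return False
    return any(p in decoded for p in LFI_PATTERNS)


def scan_log(text):
    """Return (ip, status, decoded_target) for every suspicious request in the log text."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if m and is_suspicious(m["target"]):
            hits.append((m["ip"], m["status"], decode_target(m["target"])))
    return hits


if __name__ == "__main__":
    for ip, status, target in scan_log(SAMPLE_LOG):
        print(f"LFI indicator from {ip} (HTTP {status}): {target}")
```

A 200 status on a flagged request deserves the most urgent follow-up, since it suggests the include actually succeeded rather than being blocked.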