CVE-2025-5288 – This vulnerability allows unauthenticated attac... (How to Fix)

Q: What is the severity of CVE-2025-5288?

CVE-2025-5288 has a CVSS score of 9.8 (CRITICAL). This vulnerability allows unauthenticated attackers to create new administrator accounts on WordPress sites using the REST API | Custom API Generator For Cross Platform And Import Export plugin. Attackers can exploit this by sending specially crafted POST requests to import malicious JSON data. All WordPress sites running vulnerable versions of this plugin are affected.

📋 TL;DR

This vulnerability allows unauthenticated attackers to create new administrator accounts on WordPress sites using the REST API | Custom API Generator For Cross Platform And Import Export plugin. Attackers can exploit this by sending specially crafted POST requests to import malicious JSON data. All WordPress sites running vulnerable versions of this plugin are affected.

💻 Affected Systems

Products:

REST API | Custom API Generator For Cross Platform And Import Export In WP WordPress plugin

Versions: 1.0.0 to 2.0.3

Operating Systems: Any OS running WordPress

Default Config Vulnerable: ⚠️ Yes

Notes: All WordPress installations with the vulnerable plugin versions are affected regardless of configuration.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.

Recommended Actions:

Review the CVE details at NVD
Check vendor security advisories for your specific version
Test if the vulnerability is exploitable in your environment
Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴

Worst Case

Complete site takeover with attacker gaining full administrator privileges, allowing them to install backdoors, steal data, deface the site, or use the server for further attacks.

🟠

Likely Case

Attackers create hidden administrator accounts to maintain persistent access, then use the compromised site for malware distribution, phishing campaigns, or credential theft.

🟢

If Mitigated

With proper network segmentation and monitoring, the impact is limited to the affected WordPress instance, allowing for quick detection and remediation before significant damage occurs.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ⚠️ Yes

Weaponized: LIKELY

Unauthenticated Exploit: ⚠️ Yes

Complexity: LOW

The vulnerability is trivial to exploit with simple HTTP POST requests and requires no authentication.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 2.0.4 or later

Vendor Advisory: https://wordpress.org/plugins/import-export-with-custom-rest-api/#developers

Restart Required: No

Instructions:

1. Log into WordPress admin panel. 2. Navigate to Plugins → Installed Plugins. 3. Find 'REST API | Custom API Generator For Cross Platform And Import Export'. 4. Click 'Update Now' if update is available. 5. If no update appears, manually download version 2.0.4+ from WordPress.org and replace the plugin files.

🔧 Temporary Workarounds

Disable vulnerable plugin

all

Temporarily disable the plugin until patched

wp plugin deactivate import-export-with-custom-rest-api

Block REST API endpoints

linux

Use web application firewall to block access to vulnerable endpoints

# Add to .htaccess for Apache:
RewriteRule ^wp-json/import-export-with-custom-rest-api/.*$ - [F,L]
# Add to nginx config:
location ~* ^/wp-json/import-export-with-custom-rest-api/ { deny all; }

🧯 If You Can't Patch

Immediately disable the plugin and remove its files from the server
Implement strict network access controls to limit who can access the WordPress REST API endpoints

🔍 How to Verify

Check if Vulnerable:

Check WordPress admin panel → Plugins → Installed Plugins for 'REST API | Custom API Generator For Cross Platform And Import Export' version 1.0.0-2.0.3

Check Version:

wp plugin get import-export-with-custom-rest-api --field=version

Verify Fix Applied:

Verify plugin version is 2.0.4 or higher in WordPress admin panel

📡 Detection & Monitoring

Log Indicators:

POST requests to /wp-json/import-export-with-custom-rest-api/v1/import_api
Unusual user creation events in WordPress logs
Multiple failed login attempts from new administrator accounts

Network Indicators:

HTTP POST requests containing JSON with user creation parameters to vulnerable endpoints
Traffic spikes to WordPress REST API endpoints

SIEM Query:

source="wordpress" AND (uri_path="/wp-json/import-export-with-custom-rest-api/v1/import_api" OR event="user_created")

📊 Metadata

CVE ID: CVE-2025-5288

CVSS v3 Score: 9.8 (CRITICAL)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H

CWE: CWE-862

EPSS Score: 0.21% exploit probability (43.8th percentile)

Published: June 13, 2025

Last Updated: June 16, 2025

🔗 References

📤 Share & Export

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-5288, you might also want to check these: