CVE-2025-54750
📋 TL;DR
This vulnerability allows attackers to include local files on the server through improper filename control in PHP include/require statements. It affects WordPress sites running FunnelKit Funnel Builder plugin versions up to 3.11.1, potentially leading to sensitive information disclosure or code execution.
💻 Affected Systems
- Funnel Builder by FunnelKit (WordPress plugin)
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Full server compromise through local file inclusion leading to remote code execution, data theft, and complete site takeover.
Likely Case
Sensitive file disclosure (configuration files, database credentials), limited code execution, and privilege escalation.
If Mitigated
Limited impact with proper file permissions and security controls, potentially only information disclosure.
🎯 Exploit Status
Public exploit details available. Attack requires web server access to vulnerable endpoint.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 3.11.2 or later
Restart Required: No
Instructions:
1. Log into WordPress admin panel
2. Navigate to Plugins → Installed Plugins
3. Find 'Funnel Builder by FunnelKit'
4. Click 'Update Now' if available
5. If no update shows, manually download version 3.11.2+ from WordPress.org
6. Deactivate, delete old version, upload new version
7. Reactivate plugin
🔧 Temporary Workarounds
Disable vulnerable plugin
allTemporarily deactivate Funnel Builder plugin until patched
wp plugin deactivate funnel-builder
Restrict file access
linuxSet proper file permissions and disable dangerous PHP functions
chmod 644 vulnerable_files.php
php_admin_value disable_functions "include,require"
🧯 If You Can't Patch
- Implement web application firewall (WAF) rules to block file inclusion patterns
- Restrict plugin access to authenticated users only via .htaccess or nginx rules
🔍 How to Verify
Check if Vulnerable:
Check WordPress plugin version in admin panel or via wp-cli: wp plugin get funnel-builder --field=versionCheck Version:
wp plugin get funnel-builder --field=versionVerify Fix Applied:
Confirm plugin version is 3.11.2 or higher and test vulnerable endpoints📡 Detection & Monitoring
Log Indicators:
- Unusual file access patterns in PHP error logs
- Requests with file inclusion parameters like ?file=../../etc/passwd
Network Indicators:
- HTTP requests with path traversal sequences in parameters
- Unexpected file downloads from plugin endpoints
SIEM Query:
source="web_server_logs" AND (uri="*funnel-builder*" AND (param="*../*" OR param="*php://*" OR param="*file=*"))