CVE-2025-60200
📋 TL;DR
This vulnerability allows attackers to include local files on the server through improper filename control in PHP's include/require statements. It affects WordPress sites using the LearnPress Export Import plugin version 4.0.9 and earlier, potentially leading to sensitive file disclosure or code execution.
💻 Affected Systems
- LearnPress Export Import WordPress Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Remote code execution leading to complete server compromise, data theft, and website defacement.
Likely Case
Sensitive file disclosure (configuration files, database credentials) and limited code execution.
If Mitigated
File inclusion attempts logged and blocked by web application firewall.
🎯 Exploit Status
Simple HTTP requests can trigger the vulnerability without authentication.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 4.0.10 or later
Restart Required: No
Instructions:
1. Log into WordPress admin panel
2. Navigate to Plugins > Installed Plugins
3. Find LearnPress Export Import
4. Click 'Update Now' if available
5. If no update available, deactivate and remove plugin
6. Reinstall latest version from WordPress repository
🔧 Temporary Workarounds
Disable Plugin
allTemporarily disable the vulnerable plugin until patched
wp plugin deactivate learnpress-import-export
Web Application Firewall Rule
allBlock requests containing local file inclusion patterns
Add WAF rule to block requests with patterns like '..', '/etc/', 'php://' in URL parameters
🧯 If You Can't Patch
- Implement strict file permission controls on web server directories
- Deploy web application firewall with LFI protection rules
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > LearnPress Export Import version numberCheck Version:
wp plugin get learnpress-import-export --field=versionVerify Fix Applied:
Verify plugin version is 4.0.10 or higher in WordPress admin📡 Detection & Monitoring
Log Indicators:
- HTTP requests with file inclusion patterns in parameters
- Multiple 404 errors for non-existent plugin files
- Access to sensitive system files from web logs
Network Indicators:
- Unusual POST/GET requests to plugin endpoints with file paths
- Traffic spikes to /wp-content/plugins/learnpress-import-export/
SIEM Query:
source="web_logs" AND (uri="*learnpress-import-export*" AND (params="*..*" OR params="*/etc/*" OR params="*php://*"))