CVE-2025-7643
📋 TL;DR
The Attachment Manager WordPress plugin has an arbitrary file deletion vulnerability that allows unauthenticated attackers to delete any file on the server. This affects all versions up to 2.1.2 and can lead to complete site compromise when critical files like wp-config.php are deleted. WordPress sites using this plugin are vulnerable.
💻 Affected Systems
- WordPress Attachment Manager plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete site takeover via remote code execution after deleting wp-config.php or other critical files, leading to data loss, defacement, or malware installation.
Likely Case
Site disruption or downtime from deletion of important files, potentially requiring full restoration from backups.
If Mitigated
Limited impact if file permissions restrict deletion or web server runs with minimal privileges.
🎯 Exploit Status
Simple HTTP requests can trigger the vulnerability without authentication.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.1.3 or later
Vendor Advisory: https://wordpress.org/plugins/attachment-manager/
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Go to Plugins → Installed Plugins. 3. Find Attachment Manager. 4. Click 'Update Now' if available. 5. If no update appears, deactivate and delete the plugin immediately.
🔧 Temporary Workarounds
Immediate plugin deactivation
allDeactivate the vulnerable plugin to prevent exploitation
wp plugin deactivate attachment-manager
File permission hardening
linuxSet restrictive permissions on critical WordPress files
chmod 400 wp-config.php
chmod 400 .htaccess
🧯 If You Can't Patch
- Deactivate and remove the Attachment Manager plugin immediately
- Implement web application firewall rules to block requests to the vulnerable endpoint
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin → Plugins → Installed Plugins for Attachment Manager version 2.1.2 or earlierCheck Version:
wp plugin get attachment-manager --field=versionVerify Fix Applied:
Verify plugin version is 2.1.3 or later, or confirm plugin is not installed📡 Detection & Monitoring
Log Indicators:
- HTTP POST requests to /wp-admin/admin-ajax.php with action=attachment_manager_delete
- File deletion errors in web server logs
- Unauthorized file access attempts
Network Indicators:
- Unusual POST requests to admin-ajax.php from unauthenticated sources
- Spikes in 404 or 403 errors after file deletions
SIEM Query:
source="web_server" AND (uri_path="/wp-admin/admin-ajax.php" AND method="POST" AND params.action="attachment_manager_delete")