CVE-2025-7667
📋 TL;DR
This CSRF vulnerability in the WordPress Restrict File Access plugin allows unauthenticated attackers to delete arbitrary files on the server by tricking administrators into clicking malicious links. Successful exploitation can lead to remote code execution by deleting critical files like wp-config.php. All WordPress sites using this plugin up to version 1.1.2 are affected.
💻 Affected Systems
- WordPress Restrict File Access plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete site compromise via remote code execution leading to data theft, defacement, or malware installation
Likely Case
Site disruption or data loss from deletion of important files, potentially requiring full restoration from backups
If Mitigated
No impact if proper CSRF protections are implemented or plugin is updated/disabled
🎯 Exploit Status
Exploitation requires social engineering to trick authenticated administrators into clicking malicious links
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.1.3 or later
Vendor Advisory: https://plugins.trac.wordpress.org/browser/restrict-file-access/trunk/admin/admin.php#L78
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins > Installed Plugins. 3. Find 'Restrict File Access' and click 'Update Now' if available. 4. If no update is available, deactivate and delete the plugin immediately.
🔧 Temporary Workarounds
Disable vulnerable plugin
allTemporarily deactivate the Restrict File Access plugin until patched version is available
wp plugin deactivate restrict-file-access
Add CSRF protection middleware
allImplement custom WordPress filter to add nonce validation to all admin actions
🧯 If You Can't Patch
- Remove plugin entirely and use alternative file restriction solutions
- Implement strict access controls and monitoring for file deletion operations
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > Restrict File Access version numberCheck Version:
wp plugin get restrict-file-access --field=versionVerify Fix Applied:
Verify plugin version is 1.1.3 or higher and check that nonce validation is present in admin.php line 78📡 Detection & Monitoring
Log Indicators:
- Unexpected file deletion events in WordPress or web server logs
- Multiple failed admin login attempts followed by file deletion
Network Indicators:
- HTTP POST requests to /wp-admin/admin.php?page=restrict-file-access without proper referrer headers
SIEM Query:
source="wordpress.log" AND "restrict-file-access" AND "DELETE" AND NOT user_agent="WordPress"