CVE-2025-7778
📋 TL;DR
The Icons Factory WordPress plugin contains an arbitrary file deletion vulnerability that allows unauthenticated attackers to delete any file on the server. This affects all WordPress sites running Icons Factory version 1.6.12 or earlier. Successful exploitation can lead to complete site compromise through remote code execution.
💻 Affected Systems
- WordPress Icons Factory plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Complete site takeover via deletion of wp-config.php followed by RCE, potentially leading to server compromise and data exfiltration.
Likely Case
Site defacement or disruption through deletion of critical WordPress files, causing service downtime.
If Mitigated
Limited impact if file-system permissions prevent the web server process from deleting the targeted files, or if a web application firewall blocks exploit attempts.
🎯 Exploit Status
Simple HTTP requests can trigger the vulnerability without authentication.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 1.6.13 or later
Vendor Advisory: https://wordpress.org/plugins/icons-factory/#developers
Restart Required: No
Instructions:
1. Log into the WordPress admin panel.
2. Navigate to Plugins > Installed Plugins.
3. Find the Icons Factory plugin.
4. Click 'Update Now' if an update is available.
5. If no update is available, deactivate and delete the plugin immediately.
🔧 Temporary Workarounds
Disable Icons Factory plugin
Deactivate the vulnerable plugin to prevent exploitation
wp plugin deactivate icons-factory
Web Application Firewall rule
Block requests to the vulnerable delete_files() function endpoint
Add WAF rule to block requests containing 'delete_files' parameter
🧯 If You Can't Patch
- Immediately deactivate and remove the Icons Factory plugin from all WordPress installations
- Implement strict file permissions (644 for files, 755 for directories) and disable PHP execution in upload directories
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > Installed Plugins for Icons Factory version 1.6.12 or earlier
Check Version:
wp plugin get icons-factory --field=version
Verify Fix Applied:
Verify plugin version is 1.6.13 or later in WordPress admin panel
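The version check above is easy to get wrong when scripted, because a plain string comparison ranks "1.6.9" above "1.6.13". The following is an added example (not part of this advisory) that parses the output of the wp-cli command quoted above and compares it component-wise against the fixed version 1.6.13; it assumes wp-cli is installed on the host, and only the check_site() helper actually invokes it.

```python
"""Decide whether an installed Icons Factory version is in the vulnerable
range for CVE-2025-7778 (1.6.12 or earlier; fixed in 1.6.13).

Added example, not from the advisory. The wp-cli invocation is the one the
advisory quotes; it needs wp-cli on the host and is only called from
check_site(), never by the comparison logic itself.
"""
import re
import subprocess

FIXED_VERSION = (1, 6, 13)  # first non-vulnerable release per the advisory


def parse_version(text):
    """Turn '1.6.12' (or '1.6.12-beta1') into a tuple of ints.

    Only the leading dotted numeric part is used; any suffix is ignored.
    """
    m = re.match(r"\s*(\d+(?:\.\d+)*)", text)
    if not m:
        raise ValueError(f"unrecognised version string: {text!r}")
    return tuple(int(p) for p in m.group(1).split("."))


def is_vulnerable(version):
    """True when version < 1.6.13.

    Tuples compare component-wise, so '1.6.9' is correctly ranked below
    '1.6.13'; comparing the raw strings would get that backwards.
    """
    v = parse_version(version)
    # Pad the shorter tuple with zeros so (1, 7) compares like (1, 7, 0).
    width = max(len(v), len(FIXED_VERSION))
    v = v + (0,) * (width - len(v))
    fixed = FIXED_VERSION + (0,) * (width - len(FIXED_VERSION))
    return v < fixed


def check_site(wp_path="."):
    """Query the installed version through wp-cli and classify it.

    Returns (version, vulnerable) or None when wp-cli fails, e.g. because
    the plugin is not installed at all. --path is wp-cli's global option
    for pointing at the WordPress root.
    """
    proc = subprocess.run(
        ["wp", "plugin", "get", "icons-factory", "--field=version",
         f"--path={wp_path}"],
        capture_output=True, text=True,
    )
    if proc.returncode != 0:
        return None
    version = proc.stdout.strip()
    return version, is_vulnerable(version)


if __name__ == "__main__":
    result = check_site()
    if result is None:
        print("icons-factory not installed or wp-cli unavailable")
    else:
        version, vulnerable = result
        print(f"icons-factory {version}: "
              f"{'VULNERABLE, update to 1.6.13+' if vulnerable else 'patched'}")
```

Run it from the WordPress root (or pass the path to check_site()) on each site you administer; a None result means the plugin is absent, which is the state the "If You Can't Patch" section recommends.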
📡 Detection & Monitoring
Log Indicators:
- HTTP POST requests to /wp-admin/admin-ajax.php with 'action=delete_files' parameter
- File deletion events in system logs for WordPress directories
Network Indicators:
- Unusual POST requests to WordPress admin-ajax.php endpoint from unauthenticated sources
SIEM Query:
source="web_server" AND uri="/wp-admin/admin-ajax.php" AND method="POST" AND params.action="delete_files"
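The SIEM query above relies on a params.action field, which only exists when the log source captures request bodies (a WAF or reverse-proxy log); a standard Apache/nginx access log records just the request line, so a POST whose action parameter travels in the body is invisible there. WordPress's admin-ajax.php reads action from $_REQUEST, so it can also arrive in the query string, which the access log does show. The following is an added example, not part of this advisory, that applies the advisory's indicator to combined-format access log lines (constructed samples), flags a definite match when action=delete_files is visible, and marks POSTs to admin-ajax.php with no visible action for body inspection rather than silently passing them.

```python
"""Scan web-server access logs for the CVE-2025-7778 indicator given in this
advisory: requests to /wp-admin/admin-ajax.php with action=delete_files.

Added example, not from the advisory. Assumes the Apache/nginx "combined"
log format; the sample lines are constructed, with RFC 5737 test addresses.
"""
import re
from urllib.parse import parse_qs, urlsplit

# combined format: client ident user [time] "METHOD target proto" status bytes "referer" "user-agent"
LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<time>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" (?P<status>\d{3}) \S+ '
    r'"(?P<referer>[^"]*)" "(?P<ua>[^"]*)"$'
)

AJAX_PATH = "/wp-admin/admin-ajax.php"
BAD_ACTION = "delete_files"


def parse_line(line):
    """Return the fields of one combined-format line, or None if it does not parse."""
    m = LOG_RE.match(line.strip())
    return m.groupdict() if m else None


def classify(line, body=None):
    """Verdict for one log line, optionally with a captured form body.

    'match'   request to admin-ajax.php whose action is delete_files, seen in
              the query string or in a body supplied by a WAF/proxy log
    'inspect' POST to admin-ajax.php with no visible action parameter; the
              body was not logged, so the action cannot be ruled out
    None      unrelated traffic (other paths, or a benign action)
    """
    rec = parse_line(line)
    if rec is None:
        return None
    parts = urlsplit(rec["target"])
    if parts.path != AJAX_PATH:
        return None
    # admin-ajax.php takes "action" from $_REQUEST: merge query-string
    # parameters with any body parameters we were given.
    params = parse_qs(parts.query)
    if body:
        for key, values in parse_qs(body).items():
            params.setdefault(key, []).extend(values)
    if BAD_ACTION in params.get("action", []):
        return "match"
    if rec["method"] == "POST" and "action" not in params:
        return "inspect"
    return None


def scan(lines, bodies=None):
    """Return [(line_no, verdict, client_ip)] for every non-benign line.

    bodies maps a 1-based line number to the form body captured for that
    request, when a WAF or proxy log provides one.
    """
    bodies = bodies or {}
    findings = []
    for n, line in enumerate(lines, 1):
        verdict = classify(line, bodies.get(n))
        if verdict:
            findings.append((n, verdict, parse_line(line)["ip"]))
    return findings


# Constructed sample: one visible match, one POST needing body inspection,
# one unrelated static-file request.
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Aug/2025:12:00:01 +0000] "POST /wp-admin/admin-ajax.php?action=delete_files HTTP/1.1" 200 12 "-" "curl/8.0"',
    '198.51.100.7 - - [10/Aug/2025:12:00:02 +0000] "POST /wp-admin/admin-ajax.php HTTP/1.1" 200 45 "https://example.test/wp-admin/" "Mozilla/5.0"',
    '192.0.2.9 - - [10/Aug/2025:12:00:03 +0000] "GET /wp-content/uploads/2025/08/icon.png HTTP/1.1" 200 3321 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for n, verdict, ip in scan(SAMPLE_LOG):
        print(f"line {n}: {verdict:7} from {ip}")
```

Feed real access logs through scan() and treat 'inspect' hits as a queue for correlation with a body-capturing source, not as alerts on their own: every logged-in editor's dashboard also POSTs to admin-ajax.php, so only the action value, or a file-deletion event in the same window, confirms anything.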