CVE-2025-7812
📋 TL;DR
This CSRF vulnerability in the Video Share VOD WordPress plugin allows attackers to trick administrators into executing malicious actions. When exploited, it can lead to remote code execution if the Server command execution setting is enabled. All WordPress sites using this plugin up to version 2.7.6 are affected.
💻 Affected Systems
- Video Share VOD – Turnkey Video Site Builder Script WordPress plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Full site compromise with remote code execution leading to data theft, malware installation, or complete system takeover.
Likely Case
Unauthorized configuration changes, potential data exposure, and limited code execution depending on plugin settings.
If Mitigated
Failed CSRF attacks with proper nonce validation in place, no impact on properly configured systems.
🎯 Exploit Status
Exploitation requires social engineering to trick an administrator, but the technical complexity is low once the victim is tricked.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: 2.7.7 or later
Vendor Advisory: https://plugins.trac.wordpress.org/changeset/3348480/video-share-vod/trunk/video-share-vod.php
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins. 3. Find Video Share VOD plugin. 4. Click Update Now or manually update to version 2.7.7+. 5. Verify update completes successfully.
🔧 Temporary Workarounds
Disable Server Command Execution
allTurn off the vulnerable Server command execution setting in plugin configuration.
Temporary Plugin Deactivation
allDeactivate the plugin until patched to prevent exploitation.
🧯 If You Can't Patch
- Implement strict CSRF protection at the web application firewall level.
- Restrict admin panel access to trusted IP addresses only.
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin panel > Plugins > Video Share VOD > Version. If version is 2.7.6 or lower, you are vulnerable.Check Version:
wp plugin list --name=video-share-vod --field=versionVerify Fix Applied:
After updating, confirm plugin version shows 2.7.7 or higher in WordPress admin.📡 Detection & Monitoring
Log Indicators:
- Unauthorized POST requests to /wp-admin/admin-ajax.php with action=adminExport
- Unexpected changes to plugin settings
Network Indicators:
- CSRF attack patterns with forged requests to admin endpoints
SIEM Query:
source="wordpress.log" AND (uri="/wp-admin/admin-ajax.php" AND parameters.action="adminExport")🔗 References
- https://plugins.trac.wordpress.org/browser/video-share-vod/trunk/inc/options.php#L728
- https://plugins.trac.wordpress.org/browser/video-share-vod/trunk/video-share-vod.php#L3360
- https://plugins.trac.wordpress.org/changeset/3348480/video-share-vod/trunk/video-share-vod.php
- https://www.wordfence.com/threat-intel/vulnerabilities/id/b9e499c4-e683-4587-b0ab-7f4ecde94e41?source=cve
