CVE-2025-8423
📋 TL;DR
The My WP Translate WordPress plugin has a missing capability check vulnerability that allows authenticated users with Subscriber-level access or higher to read and delete arbitrary WordPress options. This can lead to denial of service by deleting critical configuration options. All WordPress sites using this plugin version 1.1 or earlier are affected.
💻 Affected Systems
- My WP Translate WordPress Plugin
⚠️ Manual Verification Required
This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.
Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).
🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.
- Review the CVE details at NVD
- Check vendor security advisories for your specific version
- Test if the vulnerability is exploitable in your environment
- Consider updating to the latest version as a precaution
⚠️ Risk & Real-World Impact
Worst Case
Attackers delete critical WordPress options like siteurl or home, causing complete site unavailability and requiring database restoration.
Likely Case
Attackers delete plugin or theme options, causing functionality loss and requiring manual reconfiguration.
If Mitigated
With proper access controls and monitoring, impact is limited to logged activity and quick remediation.
🎯 Exploit Status
Requires authenticated access but only Subscriber-level privileges. Exploitation involves calling vulnerable AJAX endpoints.
🛠️ Fix & Mitigation
✅ Official Fix
Patch Version: Version after 1.1
Vendor Advisory: https://plugins.trac.wordpress.org/browser/my-wp-translate
Restart Required: No
Instructions:
1. Log into WordPress admin panel. 2. Navigate to Plugins > Installed Plugins. 3. Find My WP Translate plugin. 4. Click 'Update Now' if update available. 5. If no update, deactivate and delete plugin immediately.
🔧 Temporary Workarounds
Remove Plugin
allDeactivate and delete the vulnerable plugin
wp plugin deactivate my-wp-translate
wp plugin delete my-wp-translate
Restrict User Registration
allDisable new user registration to limit attack surface
Update WordPress Settings > General: Membership = 'Anyone can register' = UNCHECKED
🧯 If You Can't Patch
- Deactivate the My WP Translate plugin immediately
- Implement strict user role management and monitor for suspicious option modifications
🔍 How to Verify
Check if Vulnerable:
Check WordPress admin > Plugins > Installed Plugins for My WP Translate version 1.1 or earlierCheck Version:
wp plugin list --name=my-wp-translate --field=versionVerify Fix Applied:
Verify plugin is either updated to version after 1.1 or completely removed from plugins directory📡 Detection & Monitoring
Log Indicators:
- Unusual wp_options table modifications
- AJAX requests to admin-ajax.php with action=mtswpt_remove_plugin or ajax_update_export_code
- User with low privileges modifying system options
Network Indicators:
- POST requests to /wp-admin/admin-ajax.php with vulnerable action parameters
SIEM Query:
source="wordpress.log" AND (action="mtswpt_remove_plugin" OR action="ajax_update_export_code")🔗 References
- https://plugins.trac.wordpress.org/browser/my-wp-translate/tags/1.1/admin/class-my-wp-translate-admin.php#L1048
- https://plugins.trac.wordpress.org/browser/my-wp-translate/tags/1.1/admin/class-my-wp-translate-admin.php#L1069
- https://plugins.trac.wordpress.org/browser/my-wp-translate/tags/1.1/admin/class-my-wp-translate-admin.php#L1130
- https://plugins.trac.wordpress.org/browser/my-wp-translate/tags/1.1/admin/class-my-wp-translate-admin.php#L1138
- https://www.wordfence.com/threat-intel/vulnerabilities/id/5bda56c3-56ad-40d7-b743-0b69512ec460?source=cve
