CVE-2025-8565

8.1 HIGH

Authentication Bypass

📋 TL;DR

The WP Legal Pages WordPress plugin has a missing capability check that allows authenticated users with Contributor-level access or higher to install arbitrary plugins from the WordPress repository. This vulnerability affects all versions up to and including 3.4.3, enabling privilege escalation and potential remote code execution.

💻 Affected Systems

Products:

• WP Legal Pages WordPress Plugin

Versions: All versions up to and including 3.4.3

Operating Systems: All

Default Config Vulnerable: ⚠️ Yes

Notes: Requires WordPress installation with the vulnerable plugin enabled and at least one authenticated user with Contributor role or higher.

⚠️ Manual Verification Required

This CVE does not have specific version information in our database, so automatic vulnerability detection cannot determine if your system is affected.

Why? The CVE database entry doesn't specify which versions are vulnerable (no version ranges provided by the vendor/NVD).

🔒 Custom verification scripts are available for registered users. Sign up free to download automated test scripts.

Recommended Actions:

1. Review the CVE details at NVD
2. Check vendor security advisories for your specific version
3. Test if the vulnerability is exploitable in your environment
4. Consider updating to the latest version as a precaution

⚠️ Risk & Real-World Impact

🔴

Worst Case

Attackers install malicious plugins that provide backdoor access, execute arbitrary code, steal sensitive data, or take full control of the WordPress site.

🟠

Likely Case

Attackers install plugins that create administrative accounts, exfiltrate data, or establish persistence for further attacks.

🟢

If Mitigated

With proper access controls and monitoring, impact is limited to unauthorized plugin installations that can be detected and removed.

🌐 Internet-Facing: HIGH

🏢 Internal Only: MEDIUM

🎯 Exploit Status

Public PoC: ✅ No

Weaponized: LIKELY

Unauthenticated Exploit: ✅ No

Complexity: LOW

Exploitation requires authenticated access but is straightforward once authenticated. The vulnerability is publicly disclosed with technical details available.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: 3.4.4

Vendor Advisory: https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3355766%40wplegalpages%2Ftrunk&old=3348524%40wplegalpages%2Ftrunk&sfp_email=&sfph_mail=

Restart Required: No

Instructions:

1. Log into WordPress admin panel. 2. Navigate to Plugins > Installed Plugins. 3. Find WP Legal Pages and click 'Update Now'. 4. Verify version is 3.4.4 or higher.

🔧 Temporary Workarounds

Disable Plugin

all

Temporarily disable the vulnerable plugin until patching is possible.

Copy

wp plugin deactivate wplegalpages

Restrict User Roles

all

Remove Contributor and higher roles from untrusted users.

🧯 If You Can't Patch

• Disable the WP Legal Pages plugin immediately.
• Implement strict access controls and monitor for unauthorized plugin installations.

🔍 How to Verify

Check if Vulnerable:

Copy

Check WordPress admin panel > Plugins > Installed Plugins for WP Legal Pages version 3.4.3 or lower.

Check Version:

Copy

wp plugin get wplegalpages --field=version

Verify Fix Applied:

Copy

Verify WP Legal Pages version is 3.4.4 or higher in WordPress admin panel.

📡 Detection & Monitoring

Log Indicators:

• Unexpected plugin installation events
• wp-admin/admin-ajax.php requests with wplp_gdpr_install_plugin_ajax_handler action
• User role changes from Contributor to Administrator

Network Indicators:

• HTTP POST requests to /wp-admin/admin-ajax.php with plugin installation parameters
• Outbound connections to WordPress plugin repository from unexpected users

SIEM Query:

Copy

source="wordpress" action="plugin_install" user_role="contributor" OR user_role="author" OR user_role="editor"

📊 Metadata

CVE ID: CVE-2025-8565

CVSS v3 Score: 8.1 (HIGH)

CVSS Vector: CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:N/I:H/A:H

CWE: CWE-862

EPSS Score: 0.05% exploit probability (16.9th percentile)

Published: September 18, 2025

Last Updated: September 18, 2025

🔗 References

• https://plugins.trac.wordpress.org/changeset?sfp_email=&sfph_mail=&reponame=&new=3355766%40wplegalpages%2Ftrunk&old=3348524%40wplegalpages%2Ftrunk&sfp_email=&sfph_mail=
• https://www.wordfence.com/threat-intel/vulnerabilities/id/ed5f2c6d-a548-44c1-a07a-e33999bb164d?source=cve

📤 Share & Export

Twitter LinkedIn Reddit Copy Link

📄 Export Markdown 📋 Export JSON

🔗 Related Vulnerabilities

If you're affected by CVE-2025-8565, you might also want to check these:

CVE-2024-6071 10.0

CVE-2024-6071 is a critical remote code execution vulnerability in PTC Creo Elements/Direct License ...

Same vulnerability type (CWE-862)

CVE-2022-0543 10.0

CVE-2022-0543 is a critical Lua sandbox escape vulnerability in Redis on Debian-based systems that a...

Same vulnerability type (CWE-862)

CVE-2024-6500 10.0

This vulnerability allows unauthenticated attackers to read and delete arbitrary files on WordPress ...

Same vulnerability type (CWE-862)