CVE-2025-13597: CWE-434 Unrestricted Upload of File with Dangerous Type in soportecibeles AI Feeds
The AI Feeds plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check in the 'actualizador_git.php' file in all versions up to, and including, 1.0.11. This makes it possible for unauthenticated attackers to download arbitrary GitHub repositories and overwrite plugin files on the affected site's server, which may make remote code execution possible.
AI Analysis
Technical Summary
CVE-2025-13597 is a critical vulnerability in the AI Feeds plugin for WordPress, developed by soportecibeles. The root cause is a missing capability check in the plugin's 'actualizador_git.php' file, present in all versions up to and including 1.0.11: the script performs a privileged operation, fetching a GitHub repository and writing its contents into the plugin's directory, without first confirming that the caller is an authenticated user with the capability to update plugins. Anyone who can reach the file over HTTP can therefore make the server download an arbitrary repository and overwrite the plugin's own files with its contents.

The practical consequence is remote code execution. In a default WordPress deployment, files under wp-content/plugins are PHP sources that the web server executes when they are requested, so a repository containing attacker-controlled PHP becomes executable code on the site as soon as the overwrite completes. That outcome is why the issue is classified as CWE-434 (Unrestricted Upload of File with Dangerous Type), even though the underlying defect is the absent authorization check rather than an upload form.

The CVSS v3.1 base score is 9.8 (Critical): network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), scope unchanged (S:U), and high impact on confidentiality, integrity and availability (C:H/I:H/A:H). No exploitation in the wild had been reported at the time of analysis, but the preconditions are minimal: the attacker needs only network access to the vulnerable file, so the flaw is straightforward to abuse at scale. A site running an affected version should be treated as exposed to full compromise, including data theft, defacement, persistent backdoors, and use of the server as a pivot into connected systems.
Potential Impact
For European organizations, this vulnerability poses a severe risk to website integrity, data confidentiality, and service availability. Compromise of WordPress sites through this vulnerability could lead to unauthorized data access, defacement, or complete site takeover. Organizations relying on WordPress for customer-facing websites, e-commerce, or internal portals may face reputational damage, regulatory penalties under GDPR for data breaches, and operational disruptions. The ability for unauthenticated attackers to execute remote code increases the risk of malware deployment, ransomware attacks, or lateral movement within corporate networks. Given the widespread use of WordPress across Europe, especially among SMEs and public sector entities, the potential impact is broad. Additionally, compromised sites could be leveraged to launch phishing campaigns or distribute malicious payloads, amplifying the threat landscape. The lack of known exploits in the wild currently provides a window for proactive mitigation, but the critical severity demands urgent attention.
Mitigation Recommendations
Until a release that adds the missing capability check is installed, the practical steps are:

- Deactivate or remove the AI Feeds plugin. The advisory names 1.0.11 as the last affected version but does not identify a fixed release, so confirm the fix status with the vendor or Wordfence rather than assuming a later version number is safe, and apply the fix as soon as it is available.
- Block direct HTTP requests to 'actualizador_git.php' at the web server, either with a deny rule for that path or by restricting it to administrator source addresses. Because the script is a legitimate part of the plugin, confirm from an admin session afterwards that the plugin's own update flow still behaves as expected.
- Where a Web Application Firewall is in place, add a rule that logs and blocks requests whose path ends in that filename; ordinary visitors have no reason to request it.
- Inventory WordPress installations for the plugin and record the version from the plugin header; any install at or below 1.0.11 with the file present is in scope.
- Review access logs for any request to the file. The endpoint is unauthenticated, so a hit from an unrecognised source should be investigated as a possible exploitation attempt rather than dismissed as scanning: compare the plugin directory with a clean copy, look for recently modified PHP files under wp-content, and treat the host as potentially compromised until that review is complete.
- Restrict write permissions so the web server process cannot modify plugin files. WordPress's built-in updater relies on that same write access, so this control is only practical where plugin updates are applied through a deployment process rather than from the admin UI.
- Segment WordPress hosts from internal networks to limit lateral movement if a site is compromised.
- Remind site administrators to install only vetted plugins and to keep core, themes and plugins current.
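The inventory and log-review steps above as a POSIX shell script, added here as an example; it is not code from the advisory, from Wordfence or from the plugin vendor. The plugin directory name ai-feeds, the plugin header layout and the access-log lines built by make_demo are constructed for this example; in use, point audit_plugin at the real wp-content/plugins/<slug> directory and hit_count and scan_log at the real access log.

```shell
#!/bin/sh
# Added example for CVE-2025-13597; not code from the advisory, Wordfence or the plugin vendor.
# Defender-side checks:
#   audit_plugin DIR - report whether a plugin directory contains actualizador_git.php and
#                      whether its declared version is at or below 1.0.11 (the affected range)
#   hit_count FILE   - number of access-log lines that touch actualizador_git.php
#   scan_log FILE    - the same hits, aggregated per client address
# The directory name "ai-feeds", the header layout and the log lines built by make_demo are
# assumptions made for this example.

LAST_AFFECTED=1.0.11
VULN_FILE=actualizador_git.php

# field N VER: numeric value of the N-th dot-separated component of VER (missing or non-numeric -> 0)
field() {
    f=$(printf '%s.0.0.0' "$2" | cut -d. -f"$1" | tr -cd '0-9')
    printf '%s' "${f:-0}"
}

# version_le A B: succeeds when version A <= version B, comparing up to four numeric components
version_le() {
    i=1
    while [ "$i" -le 4 ]; do
        x=$(field "$i" "$1"); y=$(field "$i" "$2")
        [ "$x" -lt "$y" ] && return 0
        [ "$x" -gt "$y" ] && return 1
        i=$((i + 1))
    done
    return 0
}

# plugin_version DIR: the "Version:" value from the first PHP file in DIR that carries a plugin header
plugin_version() {
    for f in "$1"/*.php; do
        [ -f "$f" ] || continue
        v=$(sed -n 's/^[[:space:]*]*Version:[[:space:]]*\([^[:space:]]*\).*/\1/p' "$f" | head -n 1)
        if [ -n "$v" ]; then printf '%s' "$v"; return 0; fi
    done
    return 1
}

# audit_plugin DIR: prints VULNERABLE <ver>, REVIEW <ver> (endpoint present but version outside the
# known range or unreadable, so check the vendor's fix status) or ABSENT (endpoint file missing)
audit_plugin() {
    [ -f "$1/$VULN_FILE" ] || { printf 'ABSENT\n'; return 0; }
    v=$(plugin_version "$1") || v=unknown
    if [ "$v" != unknown ] && version_le "$v" "$LAST_AFFECTED"; then
        printf 'VULNERABLE %s\n' "$v"
    else
        printf 'REVIEW %s\n' "$v"
    fi
}

# hit_count FILE: count log lines mentioning the endpoint. Matching the bare filename also catches
# it in a Referer field; if that is noisy, match the request-line form "/$VULN_FILE " instead.
hit_count() {
    grep -c -F "$VULN_FILE" "$1" || :
}

# scan_log FILE: hits per client address (first field of a combined-format log), busiest first
scan_log() {
    grep -F "$VULN_FILE" "$1" | cut -d' ' -f1 | sort | uniq -c | sort -rn
}

# make_demo DIR: constructed fixture, not real data: a plugin declaring 1.0.11 plus four log
# lines, two of which request the endpoint from the same address
make_demo() {
    mkdir -p "$1/ai-feeds"
    printf '<?php\n/**\n * Plugin Name: AI Feeds\n * Version: 1.0.11\n */\n' > "$1/ai-feeds/ai-feeds.php"
    : > "$1/ai-feeds/$VULN_FILE"
    cat > "$1/access.log" <<'EOF'
203.0.113.7 - - [25/Nov/2025:10:00:01 +0000] "GET /wp-content/plugins/ai-feeds/actualizador_git.php HTTP/1.1" 200 512 "-" "python-requests/2.32"
198.51.100.2 - - [25/Nov/2025:10:00:05 +0000] "GET /wp-login.php HTTP/1.1" 200 2890 "-" "Mozilla/5.0"
203.0.113.7 - - [25/Nov/2025:10:00:09 +0000] "POST /wp-content/plugins/ai-feeds/actualizador_git.php HTTP/1.1" 200 77 "-" "curl/8.5.0"
198.51.100.2 - - [25/Nov/2025:10:01:00 +0000] "GET /?p=12 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
EOF
}

demo=$(mktemp -d)
make_demo "$demo"
printf 'ai-feeds: %s\n' "$(audit_plugin "$demo/ai-feeds")"
printf 'requests to %s: %s\n' "$VULN_FILE" "$(hit_count "$demo/access.log")"
scan_log "$demo/access.log"
rm -rf "$demo"
```

The version comparison is numeric per component, so 1.0.9 sorts below 1.0.11 where a plain string comparison would not; a suffix such as a pre-release tag is stripped before comparing. A REVIEW result is deliberate: an endpoint file that is still present in a newer version is only safe if that version actually added the capability check, which the script cannot tell from the version number alone.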
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: Wordfence
- Date Reserved: 2025-11-24T07:35:20.877Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 692631dfacb2eea424dd30df
Added to database: 11/25/2025, 10:46:55 PM
Last enriched: 12/2/2025, 11:39:16 PM
Last updated: 1/10/2026, 10:14:37 PM