
CVE-2025-13597: CWE-434 Unrestricted Upload of File with Dangerous Type in soportecibeles AI Feeds

Severity: Critical
Tags: vulnerability, CVE-2025-13597, CWE-434
Published: Tue Nov 25 2025 (11/25/2025, 22:28:37 UTC)
Source: CVE Database V5
Vendor/Project: soportecibeles
Product: AI Feeds

Description

The AI Feeds plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check in the 'actualizador_git.php' file in all versions up to, and including, 1.0.11. This makes it possible for unauthenticated attackers to download arbitrary GitHub repositories and overwrite plugin files on the affected site's server, which may make remote code execution possible.

AI-Powered Analysis

Last updated: 11/25/2025, 23:01:46 UTC

Technical Analysis

CVE-2025-13597 is a critical security vulnerability classified under CWE-434 (Unrestricted Upload of File with Dangerous Type) found in the AI Feeds plugin for WordPress developed by soportecibeles. The vulnerability exists in the 'actualizador_git.php' file, which lacks proper capability checks, allowing unauthenticated attackers to exploit this endpoint. Attackers can leverage this flaw to download arbitrary GitHub repositories and overwrite plugin files on the affected server. This arbitrary file upload capability can lead to remote code execution (RCE), as malicious code can be injected and executed on the web server hosting the WordPress site. The vulnerability affects all versions up to and including 1.0.11 of the plugin. The CVSS v3.1 base score is 9.8 (critical), reflecting the vulnerability's ease of exploitation (network vector, no privileges or user interaction required) and its severe impact on confidentiality, integrity, and availability. Although no public exploits have been reported yet, the nature of the vulnerability makes it a prime target for attackers seeking to compromise WordPress sites, which are widely used globally. The lack of patch links indicates that a fix may not yet be publicly available, increasing the urgency for mitigation through other means. The vulnerability was reserved and published in late November 2025 by Wordfence, a reputable security vendor, confirming its validity and severity.

Potential Impact

For European organizations, this vulnerability poses a significant risk due to the widespread use of WordPress for corporate websites, e-commerce platforms, and content management systems. Successful exploitation can lead to full server compromise, allowing attackers to execute arbitrary code, steal sensitive data, deface websites, or use compromised servers as a foothold for further network intrusion. The ability to overwrite plugin files can disrupt business operations and damage organizational reputation. Given the critical CVSS score and the lack of authentication requirements, attackers can remotely exploit this vulnerability without any user interaction, increasing the likelihood of automated attacks and widespread exploitation. The impact is particularly severe for organizations handling personal data under GDPR, as breaches could lead to regulatory penalties and loss of customer trust. Additionally, the vulnerability could be leveraged to deploy ransomware or other malware, amplifying operational and financial damage.

Mitigation Recommendations

1. Immediately restrict or disable access to the 'actualizador_git.php' file, for example by using web server configuration rules (e.g., .htaccess or nginx directives) to block all external requests to this script.
2. If possible, remove or uninstall the AI Feeds plugin until a secure patch is released.
3. Monitor file integrity of WordPress plugin directories to detect unauthorized changes, using tools such as Wordfence or other file integrity monitoring solutions.
4. Employ web application firewalls (WAFs) with custom rules to detect and block attempts to exploit this vulnerability, focusing on requests targeting 'actualizador_git.php'.
5. Keep WordPress core and all plugins updated and subscribe to vendor security advisories for timely patch releases.
6. Conduct regular security audits and penetration tests to identify and remediate similar vulnerabilities.
7. Implement strict access controls and least privilege principles on web server file systems to limit the impact of any successful exploit.
8. Prepare incident response plans to quickly isolate and remediate compromised systems if exploitation is detected.
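As an added example for recommendation 3 (this is not code from the advisory, Wordfence or the plugin), a small POSIX shell script that records a SHA-256 baseline of a plugin directory and later reports every file whose hash changed, appeared or disappeared, which is how plugin files overwritten through the unauthenticated 'actualizador_git.php' endpoint would surface. It assumes coreutils `sha256sum`, `find` and `diff`; the plugin directory path in the usage comment is a placeholder you replace with your own.

```shell
#!/bin/sh
# Added example, not the plugin's or the advisory's own code.
# Baseline and verify SHA-256 hashes of every file under a WordPress plugin
# directory, so that plugin files overwritten via actualizador_git.php show
# up as changed, new or missing entries. Assumes coreutils sha256sum, find
# and diff; PLUGIN_DIR in the usage comment is a placeholder.

# baseline_dir DIR OUTFILE: write one "hash  ./relative/path" line per file,
# sorted by path so two listings of the same tree compare line by line.
baseline_dir() {
    dir="$1"; out="$2"
    ( cd "$dir" && find . -type f -exec sha256sum {} + | LC_ALL=C sort -k2 ) > "$out"
}

# verify_dir DIR BASELINE: return 0 when the tree still matches the baseline;
# otherwise print the differing entries ("-" = baseline, "+" = current) and
# return 1. A modified file shows as one "-" and one "+" line, a newly added
# file as a lone "+", a deleted file as a lone "-".
verify_dir() {
    dir="$1"; base="$2"
    cur=$(mktemp) || return 2
    baseline_dir "$dir" "$cur"
    if diff -u "$base" "$cur" > "$cur.diff"; then
        rm -f "$cur" "$cur.diff"
        return 0
    fi
    # Drop the "---"/"+++" file headers; keep only per-file entries.
    grep '^[+-]' "$cur.diff" | grep -v '^[+-][+-]' || true
    rm -f "$cur" "$cur.diff"
    return 1
}

# Usage with placeholder paths: baseline once on a known-good install, then
# run verify_dir from cron and alert on a non-zero exit status.
#   PLUGIN_DIR=/var/www/html/wp-content/plugins/<ai-feeds-dir>   # placeholder
#   baseline_dir "$PLUGIN_DIR" /var/lib/wp-integrity/ai-feeds.sha256
#   verify_dir   "$PLUGIN_DIR" /var/lib/wp-integrity/ai-feeds.sha256
```

Pair this with blocking the script at the web server: the baseline only tells you that files changed, not who changed them, so correlate any hit with access-log requests for 'actualizador_git.php' at the same time.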


Technical Details

Data Version: 5.2
Assigner Short Name: Wordfence
Date Reserved: 2025-11-24T07:35:20.877Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 692631dfacb2eea424dd30df

Added to database: 11/25/2025, 10:46:55 PM

Last enriched: 11/25/2025, 11:01:46 PM

Last updated: 11/26/2025, 12:45:57 AM

