
CVE-2025-15158: CWE-434 Unrestricted Upload of File with Dangerous Type in eastsidecode WP Enable WebP

Severity: High
Published: Wed Jan 07 2026 (01/07/2026, 08:21:56 UTC)
Source: CVE Database V5
Vendor/Project: eastsidecode
Product: WP Enable WebP

Description

The WP Enable WebP plugin for WordPress is vulnerable to arbitrary file uploads due to improper file type validation in the 'wpse_file_and_ext_webp' function in all versions up to, and including, 1.0. This makes it possible for authenticated attackers, with Author-level access and above, to upload arbitrary files on the affected site's server which may make remote code execution possible.

AI-Powered Analysis

Last updated: 01/07/2026, 08:51:25 UTC

Technical Analysis

CVE-2025-15158 is a vulnerability classified under CWE-434 (Unrestricted Upload of File with Dangerous Type) found in the WP Enable WebP plugin for WordPress, developed by eastsidecode. The vulnerability arises from insufficient validation of file types in the 'wpse_file_and_ext_webp' function, which fails to properly restrict the types of files that authenticated users can upload. This flaw affects all versions up to and including 1.0 of the plugin. An attacker with Author-level privileges or higher can exploit this vulnerability to upload arbitrary files to the server hosting the WordPress site. Since the plugin does not adequately verify file extensions or content, malicious files such as web shells or scripts can be uploaded, potentially enabling remote code execution (RCE). The vulnerability does not require user interaction beyond the attacker's own authenticated session, and the attack vector is network-based with low complexity. The CVSS v3.1 score of 8.8 reflects the high impact on confidentiality, integrity, and availability, as successful exploitation could lead to full server compromise. Although no exploits are currently known in the wild, the vulnerability poses a significant risk to WordPress sites using this plugin, especially those with multiple users having elevated permissions. The lack of a patch at the time of reporting increases the urgency for mitigation and monitoring.
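The weakness class described above is a file-type filter that trusts the declared extension or the client-supplied MIME type. As an added illustration (not the WP Enable WebP plugin's code, whose internals this page does not show), the following filter on WordPress's `wp_check_filetype_and_ext` hook accepts `.webp` only when the file body carries the RIFF/WEBP container signature; the function names are hypothetical.

```php
<?php
// Added example, not the plugin's code: a hardened wp_check_filetype_and_ext
// filter. A plugin that enables WebP uploads typically registers a filter
// here; the CWE-434 pattern arises when that filter only looks at the
// extension or the browser-supplied MIME type. This version also inspects
// the file content before confirming the type.

function example_webp_check_filetype_and_ext( $result, $file, $filename, $mimes, $real_mime = '' ) {
    // Only act on files declared as .webp; leave every other type to
    // WordPress's default checks so nothing else is loosened.
    $ext = strtolower( pathinfo( $filename, PATHINFO_EXTENSION ) );
    if ( 'webp' !== $ext ) {
        return $result;
    }

    if ( ! example_has_webp_signature( $file ) ) {
        // Content does not match the extension: report no valid type so
        // WordPress rejects the upload instead of storing a mislabelled file.
        return array( 'ext' => false, 'type' => false, 'proper_filename' => false );
    }

    return array( 'ext' => 'webp', 'type' => 'image/webp', 'proper_filename' => false );
}

function example_has_webp_signature( $path ) {
    $fh = @fopen( $path, 'rb' );
    if ( ! $fh ) {
        return false;
    }
    $header = fread( $fh, 12 );
    fclose( $fh );

    // WebP is a RIFF container: bytes 0-3 are "RIFF", bytes 4-7 the chunk
    // size (little-endian), bytes 8-11 the form type "WEBP".
    return is_string( $header )
        && strlen( $header ) === 12
        && substr( $header, 0, 4 ) === 'RIFF'
        && substr( $header, 8, 4 ) === 'WEBP';
}

add_filter( 'wp_check_filetype_and_ext', 'example_webp_check_filetype_and_ext', 10, 5 );
```

When the filter returns `false` for both `ext` and `type`, WordPress's upload handler refuses the file for any user lacking the `unfiltered_upload` capability, which is the outcome a defender wants for an Author-level account.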

Potential Impact

For European organizations, the impact of CVE-2025-15158 can be severe. Many businesses and institutions rely on WordPress for their web presence, and plugins like WP Enable WebP are commonly used to optimize image delivery. An attacker exploiting this vulnerability could gain unauthorized access to upload malicious files, leading to remote code execution, data breaches, defacement, or service disruption. This could compromise sensitive customer data, intellectual property, and operational continuity. The breach could also damage organizational reputation and lead to regulatory penalties under GDPR if personal data is exposed. Organizations with multi-author WordPress environments are particularly vulnerable, as the attack requires only Author-level access, which is commonly granted to content creators or editors. The vulnerability could be leveraged as a foothold for lateral movement within corporate networks, increasing the risk of broader compromise. Given the high CVSS score and potential for full server takeover, the threat is critical for European entities hosting WordPress sites with this plugin.

Mitigation Recommendations

1. Immediately audit WordPress sites to identify installations of the WP Enable WebP plugin and determine the version in use.
2. Restrict Author-level and higher privileges to trusted users only, minimizing the number of accounts that can exploit this vulnerability.
3. Implement strict file upload monitoring and filtering on the web server and application level to detect and block suspicious or executable files.
4. Use web application firewalls (WAFs) with custom rules to detect anomalous upload patterns or attempts to upload unauthorized file types.
5. Disable or remove the WP Enable WebP plugin if it is not essential, or replace it with alternative plugins that have been verified as secure.
6. Monitor server logs and WordPress audit trails for unusual file uploads or changes indicative of exploitation attempts.
7. Prepare to apply vendor patches or updates as soon as they become available and test them in a staging environment before deployment.
8. Educate site administrators and content creators about the risks of elevated privileges and the importance of secure credential management.
9. Consider implementing multi-factor authentication (MFA) for WordPress accounts to reduce the risk of credential compromise.
10. Regularly back up website data and server configurations to enable rapid recovery in case of compromise.


Technical Details

Data Version: 5.2
Assigner Short Name: Wordfence
Date Reserved: 2025-12-27T19:08:50.291Z
CVSS Version: 3.1
State: PUBLISHED

Threat ID: 695e1b30a55ed4ed998cb6a7

Added to database: 1/7/2026, 8:37:04 AM

Last enriched: 1/7/2026, 8:51:25 AM

Last updated: 1/8/2026, 12:36:33 PM