CVE-2025-28954: CWE-352 Cross-Site Request Forgery (CSRF) in wphobby Backwp
Cross-Site Request Forgery (CSRF) vulnerability in wphobby Backwp allows Path Traversal. This issue affects Backwp: from n/a through 2.0.2.
AI Analysis
Technical Summary
CVE-2025-28954 is a high-severity vulnerability classified as CWE-352, indicating a Cross-Site Request Forgery (CSRF) issue in the wphobby Backwp plugin. This vulnerability affects versions up to 2.0.2 of the Backwp product. The CSRF flaw allows an attacker to trick an authenticated user into submitting unauthorized requests to the vulnerable web application. In this case, the CSRF vulnerability is linked to a path traversal issue, which can enable an attacker to manipulate file paths on the server, potentially leading to denial of service or other disruptions. The CVSS 3.1 score of 7.4 reflects a network attack vector with low attack complexity, no privileges required, but requiring user interaction, and impacting availability with a scope change. The vulnerability does not impact confidentiality or integrity directly but can cause significant availability issues by exploiting path traversal via CSRF. No known exploits are currently reported in the wild, and no patches have been linked yet. The vulnerability was reserved in March 2025 and published in June 2025. The combination of CSRF and path traversal is particularly dangerous because it leverages the victim's authenticated session to perform unauthorized actions that can disrupt service or manipulate server files indirectly.
Potential Impact
For European organizations using the wphobby Backwp plugin, this vulnerability poses a significant risk to website availability and operational continuity. Since Backwp is a WordPress plugin, organizations relying on WordPress for their web presence or internal portals could face service disruptions if attackers exploit this vulnerability. The path traversal aspect could allow attackers to cause denial of service or potentially interfere with backup or restoration processes managed by the plugin, impacting business continuity. Although confidentiality and integrity are not directly compromised, the availability impact can lead to downtime, loss of customer trust, and potential regulatory scrutiny under GDPR if service disruptions affect user data processing. The requirement for user interaction means phishing or social engineering could be used to exploit this vulnerability, increasing the risk in environments with less user security awareness. The lack of patches means organizations must act quickly to mitigate risk before official fixes are available.
Mitigation Recommendations
European organizations should immediately audit their WordPress installations to identify the presence of the wphobby Backwp plugin and its version. Until patches are released, the most effective mitigation is to disable or uninstall the Backwp plugin to eliminate the attack surface. If disabling is not feasible, organizations should implement strict Content Security Policy (CSP) headers and SameSite cookie attributes to reduce CSRF risks. Additionally, user training to recognize phishing attempts can reduce the likelihood of successful exploitation. Web Application Firewalls (WAFs) should be configured to detect and block suspicious requests that attempt path traversal or unusual POST requests to the plugin endpoints. Monitoring logs for anomalous activity related to Backwp plugin endpoints can provide early detection. Finally, organizations should prepare for rapid patch deployment once a fix is available and consider isolating critical WordPress instances from public access where possible.
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Sweden
CVE-2025-28954: CWE-352 Cross-Site Request Forgery (CSRF) in wphobby Backwp
Description
Cross-Site Request Forgery (CSRF) vulnerability in wphobby Backwp allows Path Traversal. This issue affects Backwp: from n/a through 2.0.2.
AI-Powered Analysis
Technical Analysis
CVE-2025-28954 is a high-severity vulnerability classified as CWE-352, indicating a Cross-Site Request Forgery (CSRF) issue in the wphobby Backwp plugin. This vulnerability affects versions up to 2.0.2 of the Backwp product. The CSRF flaw allows an attacker to trick an authenticated user into submitting unauthorized requests to the vulnerable web application. In this case, the CSRF vulnerability is linked to a path traversal issue, which can enable an attacker to manipulate file paths on the server, potentially leading to denial of service or other disruptions. The CVSS 3.1 score of 7.4 reflects a network attack vector with low attack complexity, no privileges required, but requiring user interaction, and impacting availability with a scope change. The vulnerability does not impact confidentiality or integrity directly but can cause significant availability issues by exploiting path traversal via CSRF. No known exploits are currently reported in the wild, and no patches have been linked yet. The vulnerability was reserved in March 2025 and published in June 2025. The combination of CSRF and path traversal is particularly dangerous because it leverages the victim's authenticated session to perform unauthorized actions that can disrupt service or manipulate server files indirectly.
Potential Impact
For European organizations using the wphobby Backwp plugin, this vulnerability poses a significant risk to website availability and operational continuity. Since Backwp is a WordPress plugin, organizations relying on WordPress for their web presence or internal portals could face service disruptions if attackers exploit this vulnerability. The path traversal aspect could allow attackers to cause denial of service or potentially interfere with backup or restoration processes managed by the plugin, impacting business continuity. Although confidentiality and integrity are not directly compromised, the availability impact can lead to downtime, loss of customer trust, and potential regulatory scrutiny under GDPR if service disruptions affect user data processing. The requirement for user interaction means phishing or social engineering could be used to exploit this vulnerability, increasing the risk in environments with less user security awareness. The lack of patches means organizations must act quickly to mitigate risk before official fixes are available.
Mitigation Recommendations
European organizations should immediately audit their WordPress installations to identify the presence of the wphobby Backwp plugin and its version. Until patches are released, the most effective mitigation is to disable or uninstall the Backwp plugin to eliminate the attack surface. If disabling is not feasible, organizations should implement strict Content Security Policy (CSP) headers and SameSite cookie attributes to reduce CSRF risks. Additionally, user training to recognize phishing attempts can reduce the likelihood of successful exploitation. Web Application Firewalls (WAFs) should be configured to detect and block suspicious requests that attempt path traversal or unusual POST requests to the plugin endpoints. Monitoring logs for anomalous activity related to Backwp plugin endpoints can provide early detection. Finally, organizations should prepare for rapid patch deployment once a fix is available and consider isolating critical WordPress instances from public access where possible.
Affected Countries
For access to advanced analysis and higher rate limits, contact root@offseq.com
Technical Details
- Data Version
- 5.1
- Assigner Short Name
- Patchstack
- Date Reserved
- 2025-03-11T08:10:12.306Z
- Cvss Version
- 3.1
- State
- PUBLISHED
Threat ID: 6842edda71f4d251b5c87f36
Added to database: 6/6/2025, 1:32:10 PM
Last enriched: 7/8/2025, 12:10:23 AM
Last updated: 8/4/2025, 6:13:21 PM
Views: 13
Related Threats
Researcher to release exploit for full auth bypass on FortiWeb
HighCVE-2025-9091: Hard-coded Credentials in Tenda AC20
LowCVE-2025-9090: Command Injection in Tenda AC20
MediumCVE-2025-9092: CWE-400 Uncontrolled Resource Consumption in Legion of the Bouncy Castle Inc. Bouncy Castle for Java - BC-FJA 2.1.0
LowCVE-2025-9089: Stack-based Buffer Overflow in Tenda AC20
HighActions
Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.
External Links
Need enhanced features?
Contact root@offseq.com for Pro access with improved analysis and higher rate limits.