CVE-2025-30785 identifies a Local File Inclusion (LFI) vulnerability in the WordPress plugin 'Subscribe to Download Lite' developed by WP Shuffle, affecting versions up to and including 1.2.9. The vulnerability arises from improper validation or control of filenames used in PHP include or require statements, allowing an attacker to manipulate the input to include arbitrary files from the local filesystem. This can lead to unauthorized disclosure of sensitive files such as configuration files, password files, or other critical data stored on the server. In some cases, LFI can be leveraged to achieve remote code execution if combined with other vulnerabilities or if the attacker can upload malicious files. The vulnerability is classified under improper control of filename for include/require statements, a common PHP security issue. Although no public exploits are currently known, the flaw is publicly disclosed and documented in the CVE database. The plugin is widely used in WordPress environments to manage subscription-based downloads, making it a valuable target for attackers seeking to compromise websites. The vulnerability does not have an assigned CVSS score yet, but its characteristics suggest a significant risk due to the potential impact on confidentiality and integrity, ease of exploitation without authentication, and broad scope of affected installations.

The exploitation of this vulnerability can have severe consequences for organizations running WordPress sites with the affected plugin. Attackers can read sensitive files on the web server, including configuration files containing database credentials, API keys, or other secrets, leading to data breaches. In some scenarios, attackers may escalate the attack to execute arbitrary code, resulting in full server compromise, defacement, or use of the server as a pivot point for further attacks. This can disrupt business operations, damage brand reputation, and lead to regulatory penalties if personal or sensitive data is exposed. The vulnerability affects any organization using the plugin, including e-commerce sites, membership platforms, and content providers, potentially impacting millions of users. The lack of known exploits in the wild currently reduces immediate risk but does not diminish the urgency for remediation, as public disclosure increases the likelihood of future exploitation attempts.

Organizations should immediately audit their WordPress installations to identify the presence of the 'Subscribe to Download Lite' plugin and verify the version in use. Until a patch is released, administrators should consider disabling or removing the plugin to eliminate exposure. Implement strict input validation and sanitization on any user-supplied data that could influence file inclusion paths. Employ web application firewalls (WAFs) with rules designed to detect and block attempts to exploit LFI vulnerabilities, such as requests containing directory traversal sequences or suspicious file inclusion patterns. Restrict PHP include paths and disable potentially dangerous PHP functions like 'allow_url_include' to reduce attack surface. Monitor server logs for unusual access patterns or errors indicative of exploitation attempts. Once a vendor patch is available, apply it promptly. Additionally, maintain regular backups and ensure recovery procedures are tested to mitigate potential damage from successful attacks.