Skip to main content

CVE-2025-3917: CWE-434 Unrestricted Upload of File with Dangerous Type in kelerkgibo 百度站长SEO合集(支持百度/神马/Bing/头条推送)

Critical
VulnerabilityCVE-2025-3917cvecve-2025-3917cwe-434
Published: Thu May 15 2025 (05/15/2025, 03:21:38 UTC)
Source: CVE
Vendor/Project: kelerkgibo
Product: 百度站长SEO合集(支持百度/神马/Bing/头条推送)

Description

The 百度站长SEO合集(支持百度/神马/Bing/头条推送) plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the download_remote_image_to_media_library function in all versions up to, and including, 2.0.6. This makes it possible for unauthenticated attackers to upload arbitrary files on the affected site's server which may make remote code execution possible.

AI-Powered Analysis

AILast updated: 07/06/2025, 11:28:41 UTC

Technical Analysis

CVE-2025-3917 is a critical vulnerability affecting the WordPress plugin 百度站长SEO合集(支持百度/神马/Bing/头条推送) developed by kelerkgibo. The vulnerability arises from the download_remote_image_to_media_library function, which lacks proper file type validation, allowing unauthenticated attackers to upload arbitrary files to the affected server. This is classified under CWE-434, which pertains to unrestricted file upload vulnerabilities. Because the plugin does not restrict or validate the types of files being uploaded, attackers can upload malicious files such as web shells or scripts that can be executed remotely, potentially leading to remote code execution (RCE). The vulnerability affects all versions up to and including 2.0.6. The CVSS v3.1 score is 9.8 (critical), reflecting the high impact and ease of exploitation: no authentication or user interaction is required, and the attack vector is network-based. Exploiting this vulnerability could compromise the confidentiality, integrity, and availability of the affected web server and its data. Although no public exploits have been reported yet, the severity and nature of the vulnerability make it a prime target for attackers once exploit code becomes available. The plugin is used primarily in Chinese-language SEO contexts, but since WordPress is globally deployed, any European organization using this plugin is at risk. The vulnerability is particularly dangerous because it allows attackers to bypass typical security controls by uploading files that can be executed on the server, potentially leading to full system compromise.

Potential Impact

For European organizations, the impact of this vulnerability could be severe. Organizations running WordPress sites with this plugin could face unauthorized access, data breaches, and service disruptions. Attackers could deploy web shells to maintain persistent access, steal sensitive data, or pivot to internal networks. This could lead to reputational damage, regulatory penalties under GDPR due to data breaches, and operational downtime. Given that the vulnerability requires no authentication and no user interaction, even publicly accessible websites are at risk. The ability to execute arbitrary code remotely could allow attackers to deface websites, inject malicious content, or use compromised servers as part of larger botnets or attack campaigns. This is especially critical for European companies in sectors such as finance, healthcare, and government that rely on WordPress for public-facing or internal web services. The lack of an official patch at the time of disclosure increases the urgency for mitigation.

Mitigation Recommendations

Immediate mitigation steps include: 1) Removing or disabling the vulnerable plugin until a patched version is released. 2) Implementing web application firewall (WAF) rules to block suspicious file upload attempts, particularly those targeting the download_remote_image_to_media_library function or unusual file extensions. 3) Restricting file upload permissions on the server to prevent execution of uploaded files, for example by disabling execution in upload directories via web server configuration (e.g., using .htaccess or nginx config). 4) Monitoring server logs for unusual upload activity or access patterns indicative of exploitation attempts. 5) Employing intrusion detection/prevention systems (IDS/IPS) tuned to detect web shell signatures. 6) Regularly updating WordPress core and plugins to the latest versions once patches are available. 7) Conducting security audits and penetration testing focused on file upload functionalities. 8) Educating site administrators about the risks of installing unvetted plugins and the importance of timely updates. These steps go beyond generic advice by focusing on immediate containment, detection, and prevention tailored to this specific vulnerability and its exploitation vector.

Need more detailed analysis?Get Pro

Technical Details

Data Version
5.1
Assigner Short Name
Wordfence
Date Reserved
2025-04-24T10:22:46.708Z
Cisa Enriched
true
Cvss Version
3.1
State
PUBLISHED

Threat ID: 682cd0fb1484d88663aec6bb

Added to database: 5/20/2025, 6:59:07 PM

Last enriched: 7/6/2025, 11:28:41 AM

Last updated: 8/6/2025, 7:25:44 AM

Views: 10

Actions

PRO

Updates to AI analysis are available only with a Pro account. Contact root@offseq.com for access.

Please log in to the Console to use AI analysis features.

Need enhanced features?

Contact root@offseq.com for Pro access with improved analysis and higher rate limits.

Latest Threats