CVE-2025-3917 is a critical security vulnerability classified under CWE-434 (Unrestricted Upload of File with Dangerous Type) found in the WordPress plugin 百度站长SEO合集(支持百度/神马/Bing/头条推送) developed by kelerkgibo. The flaw exists in the function download_remote_image_to_media_library, which fails to properly validate file types during remote image downloads, allowing unauthenticated attackers to upload arbitrary files to the web server. Because the plugin does not restrict or sanitize the file types, attackers can upload malicious scripts or executables that may be executed remotely, leading to remote code execution (RCE). This vulnerability affects all versions up to and including 2.0.6. The CVSS v3.1 score is 9.8 (critical), reflecting the vulnerability's network attack vector (AV:N), low attack complexity (AC:L), no privileges required (PR:N), no user interaction (UI:N), and full impact on confidentiality (C:H), integrity (I:H), and availability (A:H). The vulnerability was published on May 15, 2025, and although no known exploits are currently in the wild, the severity and ease of exploitation make it a high-risk threat. The plugin is primarily used in Chinese language SEO contexts supporting multiple search engines including Baidu, Shenma, Bing, and Toutiao, indicating a user base largely in China but also potentially in other countries with Chinese language websites or WordPress installations using this plugin.

The impact of CVE-2025-3917 is severe for organizations using the affected plugin. Successful exploitation allows unauthenticated attackers to upload arbitrary files, potentially including web shells or other malicious payloads, leading to full remote code execution on the web server. This compromises the confidentiality, integrity, and availability of the affected systems. Attackers could steal sensitive data, modify or delete website content, pivot to internal networks, or disrupt services. Given the plugin’s role in SEO and content management, compromised sites could also be used to distribute malware or conduct phishing campaigns, damaging organizational reputation. The vulnerability’s ease of exploitation and lack of required authentication make it a prime target for automated attacks and widespread exploitation once public exploits emerge. Organizations worldwide relying on this plugin face significant risks of data breaches, service outages, and regulatory penalties if exploited.

To mitigate CVE-2025-3917, organizations should immediately update the 百度站长SEO合集(支持百度/神马/Bing/头条推送) plugin to a patched version once available. Until a patch is released, administrators should disable or uninstall the plugin to eliminate the attack surface. Implement strict web application firewall (WAF) rules to detect and block suspicious file upload attempts targeting the vulnerable function. Restrict file upload permissions on the server to prevent execution of uploaded files, for example by disabling execution in upload directories via web server configuration. Monitor web server logs for unusual upload activity or access to unexpected file types. Employ network segmentation to limit the impact of a potential compromise. Additionally, conduct regular security audits and vulnerability scans focusing on WordPress plugins and file upload functionalities. Educate site administrators about the risks of installing unverified plugins and the importance of timely updates.