CVE-2025-5061: CWE-434 Unrestricted Upload of File with Dangerous Type in vjinfotech WP Import Export Lite
The WP Import Export Lite plugin for WordPress is vulnerable to arbitrary file uploads due to missing file type validation in the 'wpie_parse_upload_data' function in all versions up to, and including, 3.9.29. This makes it possible for authenticated attackers, with Subscriber-level access and above, and permissions granted by an Administrator, to upload arbitrary files on the affected site's server which may make remote code execution possible. The vulnerability was partially patched in version 3.9.29.
AI Analysis
Technical Summary
CVE-2025-5061 is a high-severity vulnerability in the WP Import Export Lite plugin for WordPress, developed by vjinfotech. It stems from missing file type validation in the plugin's 'wpie_parse_upload_data' function in all versions up to and including 3.9.29. An authenticated user with Subscriber-level access or higher, whose role an Administrator has granted access to the plugin's import functionality, can upload files of arbitrary type to the web server. Because the plugin does not restrict dangerous file types, an attacker can upload a server-side script such as a PHP web shell and, if the upload location is web-accessible and the server executes scripts from it, achieve remote code execution. Version 3.9.29 contains only a partial fix and is itself still listed as affected; the advisory does not identify a release with a complete fix. The CVSS 3.1 base score of 7.5 (High) corresponds to a network attack vector, high attack complexity, low privileges required, and high impact on confidentiality, integrity, and availability. No exploitation in the wild has been reported. The weakness is classified as CWE-434 (Unrestricted Upload of File with Dangerous Type), a class that routinely ends in full server compromise. Given how widely WordPress is deployed and that WP Import Export Lite is a popular data-migration plugin, the exposure is significant for any site where an Administrator has granted import permissions to low-privileged roles.
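As an added illustration of the CWE-434 pattern described above (example code written for this page, not code from WP Import Export Lite, and it does not reproduce wpie_parse_upload_data): a deliberately unchecked upload handler next to a hardened one that enforces an extension allowlist, rejects executable extension segments anywhere in the name, neutralises path and null-byte tricks, and sniffs the content against the claimed format. The allowed formats, the executable-segment list and the signature checks are assumptions chosen for a data-import use case; the sample uploads at the bottom are constructed.

```python
"""Illustration of the CWE-434 pattern behind CVE-2025-5061.

Added example for this page; it is NOT code from WP Import Export Lite and does
not reproduce wpie_parse_upload_data. Allowed formats and signature checks are
assumptions for a data-import use case.
"""
import json
import os
import re
from typing import Optional, Tuple

# Assumption: an import/export feature only needs these data formats.
ALLOWED_EXTENSIONS = {"csv", "txt", "xml", "json", "zip"}

# Segments a PHP web server may execute. Rejected anywhere after the base name
# (e.g. "shell.php.csv"), since some Apache mod_mime / AddHandler setups honour
# non-final extensions.
EXECUTABLE_SEGMENTS = {
    "php", "php3", "php4", "php5", "php7", "php8", "phtml", "phar",
    "pht", "phps", "shtml", "cgi", "pl", "py",
}

ZIP_MAGIC = (b"PK\x03\x04", b"PK\x05\x06", b"PK\x07\x08")
PHP_TAG = re.compile(rb"<\?(php|=)", re.IGNORECASE)


def vulnerable_parse_upload(filename: str, data: bytes) -> str:
    """Deliberately insecure: trusts the client-supplied name and never looks at
    the extension or the bytes, so a PHP web shell is stored under the name the
    attacker chose."""
    return os.path.basename(filename)


def sanitize_filename(filename: str) -> Optional[str]:
    """Reduce a client-supplied name to a safe basename, or None if impossible."""
    if "\x00" in filename:  # null-byte truncation trick: "x.csv\0.php"
        return None
    base = os.path.basename(filename.replace("\\", "/")).strip().strip(".")
    if not base or len(base) > 255 or not re.fullmatch(r"[A-Za-z0-9._-]+", base):
        return None
    return base


def content_matches_extension(ext: str, data: bytes) -> bool:
    """Cheap format sniffing so a PHP payload cannot hide behind a data extension."""
    if ext == "zip":
        return data[:4] in ZIP_MAGIC
    # Remaining formats are text: must be UTF-8 and must not carry a PHP open tag.
    try:
        text = data.decode("utf-8")
    except UnicodeDecodeError:
        return False
    if PHP_TAG.search(data):
        return False
    if ext == "json":
        try:
            json.loads(text)
        except ValueError:
            return False
    if ext == "xml" and not text.lstrip().startswith("<"):
        return False
    return True


def validate_upload(filename: str, data: bytes) -> Tuple[bool, str]:
    """Hardened handler: returns (True, safe name) or (False, reason)."""
    safe = sanitize_filename(filename)
    if safe is None:
        return False, "unsafe filename"
    segments = safe.lower().split(".")
    if len(segments) < 2:
        return False, "missing extension"
    if any(seg in EXECUTABLE_SEGMENTS for seg in segments[1:]):
        return False, "executable extension segment"
    ext = segments[-1]
    if ext not in ALLOWED_EXTENSIONS:
        return False, "extension not in allowlist: " + ext
    if not content_matches_extension(ext, data):
        return False, "content does not match extension"
    return True, safe


if __name__ == "__main__":
    # Constructed sample uploads, not captured traffic.
    samples = [
        ("orders.csv", b"id,total\n1,9.99\n"),
        ("shell.php", b"<?php system($_GET['c']); ?>"),
        ("shell.php.csv", b"a,b\n"),
        ("data.csv", b"<?php echo 1; ?>"),
        ("x.csv\x00.php", b"a,b\n"),
    ]
    for name, blob in samples:
        print(repr(name), "vulnerable ->", vulnerable_parse_upload(name, blob),
              "| hardened ->", validate_upload(name, blob))
```

The order of checks matters: the name is normalised before the extension is inspected, the executable-segment test runs on every segment rather than only the last, and the content sniff is applied after the allowlist so that a PHP payload renamed to .csv is still refused. Storing accepted files outside the web root, or under a directory where the server refuses to execute scripts, is the complementary control when validation cannot be trusted.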
Potential Impact
For European organizations running WordPress with WP Import Export Lite installed, this vulnerability presents a substantial risk. Successful exploitation can lead to unauthorized access, data theft, site defacement, or full compromise of the web server, affecting the confidentiality, integrity, and availability of web assets and of any data the server can reach. Organizations in finance, healthcare, government, and e-commerce are particularly exposed because of the sensitivity of their data and their obligations under regulations such as GDPR. Once an attacker can execute arbitrary code on the web server, follow-on activity may include lateral movement, exfiltration of the WordPress database (including credentials and customer data), or disruption of services. Exploitation requires an authenticated account with at least Subscriber-level access to which an Administrator has granted plugin permissions, so the realistic attack paths are sites with open user registration, compromised or weak user credentials, or over-broad role configuration; strong access controls reduce all three. Because version 3.9.29 carries only a partial fix and remains in the affected range, every installation at 3.9.29 or below should be treated as exposed. Given how widely WordPress is used across Europe, the affected population ranges from small businesses to large enterprises.
Mitigation Recommendations
To mitigate this vulnerability, European organizations should verify the installed version of WP Import Export Lite on every WordPress site (the Plugins screen, or the 'Version:' header in the plugin's main file) and upgrade to a release later than 3.9.29; version 3.9.29 itself contains only a partial fix and is still in the affected range. Follow the vendor's changelog and the Wordfence advisory for a release that fully resolves the issue and apply it promptly. In the meantime, review the plugin's role and permission settings and revoke import/export access from Subscriber and other low-privilege roles, since the exploit path depends on an Administrator having granted such permissions; disable or remove the plugin where it is not actively needed. Configure the web server to refuse script execution under wp-content/uploads and under any directory the plugin writes uploads to, so that an uploaded PHP file cannot run even if validation fails. Use a web application firewall tuned to block upload requests carrying executable extensions (.php, .phtml, .phar and similar, including double extensions such as .php.csv) or PHP open tags in the request body. Audit upload directories regularly for script files and unexpected recent writes, and alert on web-server worker processes spawning shells. Enforce strong authentication with multi-factor authentication for all accounts, and close open user registration where it is not required, to reduce the value of a stolen Subscriber account. Keep tested backups of site files and the database to allow rapid recovery, and make sure administrators understand the risk of file upload vulnerabilities and apply plugin updates promptly.
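The version check and the upload-directory audit above, as an added triage helper written for this page (not vendor or Wordfence tooling). It reads the plugin's main file header for its version, decides whether that version falls in the advisory's affected range (all versions up to and including 3.9.29), and sweeps an uploads tree for files carrying an executable extension segment. The directory layout and the plugin header text are constructed assumptions; the 'Version:' line is the standard WordPress plugin header field.

```python
"""Triage helper for CVE-2025-5061.

Added example for this page, not vendor tooling. The plugin header below and the
directory layout built by build_demo() are constructed for the demo.
"""
import os
import re
import shutil
import tempfile
from typing import Dict, List, Optional, Tuple

# Advisory range: all versions up to and including 3.9.29.
AFFECTED_MAX = (3, 9, 29)

# Extension segments a PHP web server may execute; matched anywhere after the
# base name so that "photo.jpg.php" is caught as well as "shell.php".
SCRIPT_SEGMENTS = {"php", "php3", "php4", "php5", "php7", "php8",
                   "phtml", "phar", "pht", "shtml", "cgi"}

# Standard WordPress plugin header field: " * Version: x.y.z"
VERSION_RE = re.compile(r"^\s*\*?\s*Version:\s*([0-9]+(?:\.[0-9]+)*)",
                        re.MULTILINE | re.IGNORECASE)

# Constructed sample header (not the real plugin file).
CONSTRUCTED_PLUGIN_HEADER = """<?php
/**
 * Plugin Name: WP Import Export Lite
 * Version: 3.9.28
 */
"""


def parse_version(header_text: str) -> Optional[Tuple[int, ...]]:
    """Extract the plugin version from a WordPress plugin header."""
    m = VERSION_RE.search(header_text)
    return tuple(int(p) for p in m.group(1).split(".")) if m else None


def is_affected(version: Tuple[int, ...]) -> bool:
    """True when version <= 3.9.29. 3.9.29 is counted as affected because it
    carries only a partial fix; anything above it still needs the vendor
    changelog checked for the complete fix."""
    padded = tuple(version) + (0,) * (3 - len(version))  # 3.9 -> 3.9.0
    return padded[:3] <= AFFECTED_MAX


def scan_for_scripts(root: str) -> List[str]:
    """Sorted relative paths of files with a script extension segment."""
    hits = []
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            if any(seg in SCRIPT_SEGMENTS for seg in name.lower().split(".")[1:]):
                hits.append(os.path.relpath(os.path.join(dirpath, name), root))
    return sorted(hits)


def build_demo(root: str) -> None:
    """Write a constructed plugin file and uploads tree under root."""
    files = {
        "plugins/wp-import-export-lite/wp-import-export-lite.php": CONSTRUCTED_PLUGIN_HEADER,
        "uploads/2025/08/orders.csv": "id,total\n1,9.99\n",
        "uploads/2025/08/shell.php": "<?php system($_GET['c']); ?>",
        "uploads/2025/08/photo.jpg.php": "<?php echo 1; ?>",
        "uploads/2025/08/notes.txt": "benign\n",
    }
    for rel, body in files.items():
        path = os.path.join(root, rel)
        os.makedirs(os.path.dirname(path), exist_ok=True)
        with open(path, "w", encoding="utf-8") as fh:
            fh.write(body)


def run_demo() -> Dict[str, object]:
    """Build the constructed tree in a temp dir, run both checks, clean up."""
    root = tempfile.mkdtemp(prefix="wpie-triage-")
    try:
        build_demo(root)
        plugin_file = os.path.join(root, "plugins", "wp-import-export-lite",
                                   "wp-import-export-lite.php")
        with open(plugin_file, encoding="utf-8") as fh:
            version = parse_version(fh.read())
        return {
            "version": version,
            "affected": version is not None and is_affected(version),
            "suspicious": scan_for_scripts(os.path.join(root, "uploads")),
        }
    finally:
        shutil.rmtree(root, ignore_errors=True)


if __name__ == "__main__":
    print(run_demo())
```

On a real site, point parse_version at wp-content/plugins/wp-import-export-lite/wp-import-export-lite.php and scan_for_scripts at wp-content/uploads. A hit from the scan is a reason to pull the file and the web-server access log for the request that wrote it, not proof of compromise on its own; some legitimate plugins do write PHP under uploads, so compare against a known-good inventory.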
Affected Countries
Germany, France, United Kingdom, Netherlands, Italy, Spain, Poland, Sweden, Belgium, Austria
Technical Details
- Data Version: 5.1
- Assigner Short Name: Wordfence
- Date Reserved: 2025-05-21T15:27:22.549Z
- CVSS Version: 3.1
- State: PUBLISHED
Threat ID: 6891b39aad5a09ad00e7276d
Added to database: 8/5/2025, 7:32:42 AM
Last enriched: 8/5/2025, 7:47:55 AM
Last updated: 8/5/2025, 4:07:56 PM