CVE-2025-52756 is a vulnerability classified as 'Improper Control of Generation of Code' or code injection in the WordPress plugin 'WP Last Modified Info' by Sayan Datta. This plugin, widely used to display the last modified date of posts or pages, suffers from a remote code inclusion flaw that allows an attacker with at least low-level privileges (PR:L) to inject and execute arbitrary code remotely. The vulnerability affects all versions up to and including 1.9.2. The CVSS 3.1 vector (AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:L) indicates that the attack can be performed over the network with low attack complexity, requires some privileges but no user interaction, and impacts confidentiality, integrity, and availability with a scope change (meaning the vulnerability can affect resources beyond the initially vulnerable component). The flaw likely arises from insufficient sanitization or validation of user-controlled input used in code generation or inclusion routines within the plugin. Exploiting this vulnerability could allow attackers to execute arbitrary PHP code on the server, leading to data leakage, defacement, or denial of service. While no public exploits are currently known, the high severity and ease of exploitation make this a critical issue for sites using this plugin. The vulnerability was reserved in June 2025 and published in October 2025, indicating recent discovery and disclosure. No official patches or updates are linked yet, so users must monitor vendor advisories closely.

For European organizations, this vulnerability poses a significant risk, especially those relying on WordPress for their web presence, including e-commerce, media, and governmental sites. Successful exploitation can lead to unauthorized code execution, allowing attackers to steal sensitive data, modify website content, or disrupt services. This can result in reputational damage, regulatory non-compliance (e.g., GDPR violations due to data breaches), and financial losses. The scope change in the CVSS vector suggests that the attacker could escalate privileges or affect other components beyond the plugin itself, increasing the potential damage. Organizations with multi-tenant hosting or shared environments face additional risks of lateral movement. The requirement for low privileges means that even compromised or low-level user accounts could be leveraged to exploit this vulnerability, emphasizing the need for strict access controls. The absence of known exploits in the wild provides a window for proactive mitigation, but the high severity score indicates urgency.

1. Immediate monitoring for plugin updates from the vendor or WordPress repository is critical; apply patches as soon as they become available. 2. Until patches are released, restrict access to the plugin’s functionality by limiting user roles that can interact with it, minimizing the attack surface. 3. Employ web application firewalls (WAF) with custom rules to detect and block suspicious requests targeting the plugin’s endpoints or parameters that could be used for code injection. 4. Conduct thorough audits of user accounts and permissions to ensure no unnecessary privileges are granted, especially to untrusted users. 5. Implement intrusion detection systems (IDS) to monitor for anomalous PHP execution or file changes indicative of exploitation attempts. 6. Consider temporarily disabling or removing the plugin if it is not essential to reduce risk exposure. 7. Regularly back up website data and configurations to enable rapid recovery in case of compromise. 8. Educate site administrators about the risks of code injection and the importance of timely updates and access control.