CVE-2025-52756 is a vulnerability classified as 'Improper Control of Generation of Code' or code injection in the WordPress plugin 'WP Last Modified Info' developed by Sayan Datta. This plugin, widely used to display the last modified date of posts, suffers from a remote code inclusion flaw in versions up to and including 1.9.2. The vulnerability allows an attacker with at least low-level privileges (PR:L) to inject and execute arbitrary code remotely without requiring any user interaction (UI:N). The attack vector is network-based (AV:N), meaning exploitation can be performed remotely over the internet. The vulnerability affects confidentiality, integrity, and availability to a limited extent (C:L/I:L/A:L) and has a CVSS v3.1 base score of 7.4, indicating high severity. The scope is changed (S:C), meaning the vulnerability can affect resources beyond the initially vulnerable component. Although no public exploits are currently known, the nature of code injection vulnerabilities typically allows attackers to execute arbitrary commands, potentially leading to website defacement, data leakage, or denial of service. The vulnerability arises from insufficient validation or sanitization of inputs that are used to generate code dynamically, enabling remote code inclusion. Since the plugin is installed on WordPress sites, the attack surface includes any site using this plugin, especially those with multiple users or contributors who have low privileges. The vulnerability was reserved in June 2025 and published in October 2025, but no patch links are currently available, indicating that users must monitor for updates or apply temporary mitigations.

For European organizations, this vulnerability poses a significant risk to WordPress-based websites, especially those that rely on the WP Last Modified Info plugin. Successful exploitation could lead to unauthorized code execution, allowing attackers to manipulate website content, steal sensitive data, or disrupt service availability. This could result in reputational damage, regulatory non-compliance (e.g., GDPR breaches due to data exposure), and operational downtime. Organizations with public-facing websites or e-commerce platforms are particularly vulnerable, as attackers could leverage this flaw to inject malicious scripts, deface sites, or pivot to internal networks. The requirement for low privileges means that even compromised or less trusted user accounts could be leveraged for exploitation, increasing the attack surface. Given the interconnected nature of European digital infrastructure and the high adoption of WordPress, the impact could be widespread if not addressed promptly.

1. Monitor for official patches or updates from the plugin developer and apply them immediately upon release. 2. Until a patch is available, restrict access to the plugin's functionality by limiting user roles and permissions, ensuring only trusted users have the ability to modify plugin settings or content. 3. Employ a Web Application Firewall (WAF) with rules specifically designed to detect and block code injection and remote code inclusion attempts targeting WordPress plugins. 4. Conduct regular security audits and code reviews of WordPress plugins and themes to identify and remediate insecure coding practices. 5. Implement strict input validation and sanitization on all user inputs, especially those that interact with plugin features. 6. Monitor logs and website behavior for unusual activity indicative of exploitation attempts, such as unexpected file changes or execution of unauthorized scripts. 7. Consider isolating WordPress instances or running them in containerized environments to limit the blast radius of a potential compromise. 8. Educate site administrators and content editors about the risks of privilege misuse and the importance of strong authentication practices.