CVE-2025-66074: Unrestricted Upload of File with Dangerous Type in Cozmoslabs WP Webhooks
Unrestricted Upload of File with Dangerous Type vulnerability in Cozmoslabs WP Webhooks wp-webhooks allows Path Traversal. This issue affects WP Webhooks: from n/a through <= 3.3.8.
AI Analysis
Technical Summary
CVE-2025-66074 is a security vulnerability identified in the WP Webhooks plugin developed by Cozmoslabs, affecting all versions up to and including 3.3.8. The vulnerability is characterized by an unrestricted file upload flaw that permits attackers to upload files of dangerous types without proper validation or restriction. This flaw is compounded by a path traversal issue, which allows an attacker to manipulate file paths during upload, potentially placing malicious files outside the intended directories. Such capability can lead to remote code execution if the attacker uploads executable scripts or web shells, thereby compromising the confidentiality, integrity, and availability of the affected WordPress site. WP Webhooks is a plugin that facilitates automation and integration via webhooks, often exposed to the internet, increasing the attack surface. Although no public exploits have been reported yet, the vulnerability’s nature makes it a critical risk once weaponized. The lack of a CVSS score indicates that this is a newly disclosed issue, but the technical details suggest a high-risk scenario due to the combination of unrestricted upload and path traversal. The vulnerability affects WordPress sites using this plugin, which are common in various sectors including e-commerce, media, and corporate websites.
Potential Impact
For European organizations, the impact of this vulnerability can be significant. Exploitation could lead to unauthorized remote code execution, allowing attackers to take control of affected WordPress sites. This can result in data breaches, defacement, malware distribution, or use of the compromised site as a pivot point for further network attacks. Organizations relying on WP Webhooks for business-critical automation may experience service disruption or data integrity issues. The reputational damage and potential regulatory penalties under GDPR for data breaches are additional concerns. Sectors such as finance, healthcare, and government, which often use WordPress for public-facing portals, are particularly at risk. The ease of exploitation without authentication increases the threat level, making it a priority for immediate remediation in European contexts where WordPress has a strong market presence.
Mitigation Recommendations
1. Immediately monitor for updates from Cozmoslabs and apply patches as soon as they are released.
2. Until a patch is available, disable the WP Webhooks plugin or restrict its usage to trusted internal IP addresses only.
3. Implement strict file type validation and sanitization on all file uploads, ensuring only safe file types are accepted.
4. Employ web application firewalls (WAFs) with rules to detect and block suspicious file upload attempts and path traversal patterns.
5. Regularly audit and monitor upload directories for unexpected or suspicious files.
6. Restrict permissions on upload directories to prevent execution of uploaded files.
7. Conduct security awareness training for administrators managing WordPress sites to recognize and respond to suspicious activity.
8. Consider isolating WordPress instances with this plugin in segmented network zones to limit lateral movement in case of compromise.
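The script below is an added example written for this advisory; it is not code from WP Webhooks or Cozmoslabs and does not describe how the plugin itself handles uploads. It shows what recommendations 3 and 5 look like in practice: an upload destination is accepted only when every extension is on an allowlist and the resolved path still lies under the upload root, and an audit walk flags any file already in the tree whose name would not pass that allowlist. The upload root (/srv/wp/uploads), the allowlist, and the function names are assumptions made for the example.

```python
"""Upload hardening checks: extension allowlist plus path containment.

Added example, not WP Webhooks code. The upload root and the allowlist
below are constructed for illustration.
"""
import os
from pathlib import Path

# Constructed allowlist: passive content only, never server-side script types.
ALLOWED_EXTENSIONS = {"png", "jpg", "jpeg", "gif", "pdf", "txt", "csv"}


class UploadRejected(ValueError):
    """Raised when an upload request fails validation; message is log-friendly."""


def has_safe_extensions(filename: str) -> bool:
    """Every dotted suffix must be allowlisted, so 'shell.php.png' is refused
    as well as 'shell.php' (some web servers honour intermediate extensions).
    Names with no extension, a leading dot, or an empty segment are refused."""
    parts = filename.lower().split(".")
    if len(parts) < 2 or any(not p for p in parts):
        return False
    return all(ext in ALLOWED_EXTENSIONS for ext in parts[1:])


def safe_upload_path(upload_root: str, client_filename: str, subdir: str = "") -> Path:
    """Return the canonical destination for an upload, or raise UploadRejected.

    Both client_filename and subdir are treated as attacker-controlled.
    """
    root = Path(upload_root).resolve()

    # 1. A filename is a single path component: no separators, no NUL bytes.
    #    Rejecting (rather than silently stripping) keeps the event visible in logs.
    if "/" in client_filename or "\\" in client_filename or "\x00" in client_filename:
        raise UploadRejected("filename contains path separator or NUL")
    name = client_filename.strip()
    if name in ("", ".", ".."):
        raise UploadRejected("empty or reserved filename")

    # 2. Dangerous types are excluded by allowlist, not by a denylist of bad ones.
    if not has_safe_extensions(name):
        raise UploadRejected(f"extension not allowed: {name}")

    # 3. Resolve the full target and prove it still lies under the upload root.
    #    This catches '../' in subdir, an absolute subdir (Path joins would
    #    discard the root), and symlinked directories that escape the root.
    candidate = (root / subdir / name).resolve()
    if os.path.commonpath([str(root), str(candidate)]) != str(root):
        raise UploadRejected(f"destination escapes upload root: {candidate}")
    return candidate


def is_upload_allowed(upload_root: str, client_filename: str, subdir: str = "") -> bool:
    """Boolean wrapper around safe_upload_path for callers that only need a verdict."""
    try:
        safe_upload_path(upload_root, client_filename, subdir)
    except UploadRejected:
        return False
    return True


def audit_upload_tree(upload_root: str) -> list:
    """Recommendation 5: list files under the upload root whose name would not
    pass the allowlist, e.g. a .php file that should never be there."""
    hits = []
    for dirpath, _dirs, files in os.walk(upload_root):
        for f in files:
            if not has_safe_extensions(f):
                hits.append(os.path.join(dirpath, f))
    return hits


if __name__ == "__main__":
    root = "/srv/wp/uploads"  # constructed; need not exist for the path checks
    for fname, sub in [("report.pdf", "2025/12"), ("shell.php", ""),
                       ("shell.php.png", ""), ("report.pdf", "../../tmp"),
                       ("../../wp-config.php", "")]:
        try:
            print("ACCEPT", safe_upload_path(root, fname, sub))
        except UploadRejected as exc:
            print("REJECT", exc)
```

In a WordPress deployment the same two checks belong in the PHP upload handler, and `audit_upload_tree` can run from cron over `wp-content/uploads`; any hit is a candidate for incident response, since a correctly configured upload path should never contain a script-type file.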
Affected Countries
Germany, France, United Kingdom, Italy, Spain, Netherlands, Poland, Sweden
Technical Details
- Data Version: 5.2
- Assigner Short Name: Patchstack
- Date Reserved: 2025-11-21T11:20:58.862Z
- CVSS Version: null
- State: PUBLISHED
Threat ID: 6943b0564eb3efac36700b44
Added to database: 12/18/2025, 7:42:14 AM
Last enriched: 12/18/2025, 7:59:31 AM
Last updated: 12/19/2025, 8:49:06 AM
Related Threats
- CVE-2025-66522: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Foxit Software Inc. pdfonline.foxit.com (Medium)
- CVE-2025-66521: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Foxit Software Inc. pdfonline.foxit.com (Medium)
- CVE-2025-66520: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Foxit Software Inc. pdfonline.foxit.com (Medium)
- CVE-2025-66519: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Foxit Software Inc. pdfonline.foxit.com (Medium)
- CVE-2025-66502: CWE-79 Improper Neutralization of Input During Web Page Generation (XSS or 'Cross-site Scripting') in Foxit Software Inc. pdfonline.foxit.com (Medium)