
CVE-2025-7778: CWE-285 Improper Authorization in artkrylov Icons Factory

Severity: Critical
Type: Vulnerability
Tags: CVE-2025-7778, cve, cve-2025-7778, cwe-285
Published: Fri Aug 15 2025 (08/15/2025, 08:25:39 UTC)
Source: CVE Database V5
Vendor/Project: artkrylov
Product: Icons Factory

Description

The Icons Factory plugin for WordPress is vulnerable to Arbitrary File Deletion due to insufficient authorization and improper path validation within the delete_files() function in all versions up to, and including, 1.6.12. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php).

AI-Powered Analysis

Last updated: 08/15/2025, 09:03:10 UTC

Technical Analysis

CVE-2025-7778 is a critical security vulnerability affecting the Icons Factory plugin for WordPress, developed by artkrylov. This vulnerability arises from improper authorization and insufficient path validation in the plugin's delete_files() function, present in all versions up to and including 1.6.12. The flaw allows unauthenticated attackers to perform arbitrary file deletion on the server hosting the WordPress site. Because the vulnerability requires no authentication or user interaction, it can be exploited remotely by simply sending crafted requests to the vulnerable endpoint. The arbitrary file deletion capability is particularly dangerous because attackers can target critical files such as wp-config.php, which contains database credentials and other sensitive configuration data. Deleting or manipulating such files can lead to remote code execution (RCE), allowing attackers to gain full control over the compromised server. The vulnerability is classified under CWE-285 (Improper Authorization), indicating that the plugin fails to properly verify whether the requesting entity has the necessary permissions to delete files. The CVSS v3.1 base score is 9.8 (critical), reflecting the high impact on confidentiality, integrity, and availability, combined with the ease of exploitation (network vector, no privileges required, no user interaction). Although no public exploits have been reported in the wild yet, the severity and simplicity of exploitation make this a high-risk vulnerability that demands immediate attention from site administrators using the Icons Factory plugin.
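The two controls the analysis says are missing, an authorization check and path validation before deletion, look like this in a WordPress AJAX handler. This is an added example, not the Icons Factory source or the vendor's fix; the action name `example_delete_icon`, the `nonce` and `file` parameters, and the `example-icons` directory are hypothetical.

```php
<?php
// Added example with hypothetical names; not code from the Icons Factory plugin.

// Register for logged-in users only. No wp_ajax_nopriv_ hook is added,
// so unauthenticated requests never reach the handler.
add_action( 'wp_ajax_example_delete_icon', 'example_delete_icon' );

function example_delete_icon() {
    // 1. Authorization: the nonce ties the request to a page the user loaded,
    //    the capability check confirms the user is allowed to delete files.
    check_ajax_referer( 'example_delete_icon', 'nonce' );
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_send_json_error( 'forbidden', 403 );
    }

    // 2. Path validation: reduce the input to a single file name, never a path.
    $raw  = isset( $_POST['file'] ) ? (string) wp_unslash( $_POST['file'] ) : '';
    $name = sanitize_file_name( basename( $raw ) );
    if ( '' === $name ) {
        wp_send_json_error( 'missing file name', 400 );
    }

    // Resolve the only directory this handler may touch (hypothetical location).
    $uploads = wp_upload_dir();
    $base    = realpath( $uploads['basedir'] . '/example-icons' );
    if ( false === $base ) {
        wp_send_json_error( 'storage directory not found', 500 );
    }

    // realpath() resolves symlinks and dot segments; the resolved target must
    // still sit directly under the allowed directory and be a regular file.
    $target = realpath( $base . DIRECTORY_SEPARATOR . $name );
    if ( false === $target
        || 0 !== strpos( $target, $base . DIRECTORY_SEPARATOR )
        || ! is_file( $target ) ) {
        wp_send_json_error( 'invalid file', 400 );
    }

    wp_delete_file( $target );
    if ( file_exists( $target ) ) {
        wp_send_json_error( 'delete failed', 500 );
    }
    wp_send_json_success( array( 'deleted' => $name ) );
}
```

With these checks a request for `wp-config.php`, or any name that resolves outside the allowed directory, is rejected before any file system call that deletes data.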

Potential Impact

For European organizations, this vulnerability poses a significant risk, especially for those relying on WordPress websites with the Icons Factory plugin installed. Successful exploitation can lead to complete compromise of the affected web server, resulting in data breaches, defacement, service outages, and potential lateral movement within internal networks. Confidential business data, customer information, and intellectual property stored or accessible via the compromised server could be exposed or destroyed. The ability to execute arbitrary code remotely also increases the risk of deploying ransomware or other malware, which can disrupt operations and cause financial and reputational damage. Given the widespread use of WordPress across European businesses, including SMEs and large enterprises, the vulnerability could affect a broad range of sectors such as e-commerce, government, education, and media. Additionally, the GDPR regulatory environment in Europe means that organizations suffering data breaches due to this vulnerability could face substantial fines and legal consequences if they fail to implement adequate security measures.

Mitigation Recommendations

1. Immediate update or removal of the vulnerable Icons Factory plugin: Since no patch links are currently available, organizations should consider disabling or uninstalling the plugin until a secure version is released.
2. Implement Web Application Firewall (WAF) rules to detect and block suspicious requests targeting the delete_files() function or unusual file deletion attempts.
3. Restrict file system permissions for the WordPress installation to minimize the impact of arbitrary file deletions, ensuring that critical files like wp-config.php are protected with strict access controls.
4. Monitor server and application logs for unusual file deletion activities or unauthorized access attempts.
5. Employ intrusion detection/prevention systems (IDS/IPS) to identify exploitation attempts.
6. Regularly back up WordPress sites and databases to enable rapid recovery in case of compromise.
7. Follow the principle of least privilege for all WordPress plugins and user roles to reduce attack surface.
8. Stay informed about updates from the plugin vendor and apply patches promptly once available.


Technical Details

Data Version: 5.1
Assigner Short Name: Wordfence
Date Reserved: 2025-07-17T22:02:28.623Z
Cvss Version: 3.1
State: PUBLISHED

Threat ID: 689ef436ad5a09ad00697347

Added to database: 8/15/2025, 8:47:50 AM

Last enriched: 8/15/2025, 9:03:10 AM

Last updated: 9/1/2025, 10:26:48 PM
