CVE-2025-8213: CWE-36 Absolute Path Traversal in nintechnet NinjaScanner – Virus & Malware scan
The NinjaScanner – Virus & Malware scan plugin for WordPress is vulnerable to arbitrary file deletion due to insufficient file path validation in the 'nscan_ajax_quarantine' and 'nscan_quarantine_select' functions in all versions up to, and including, 3.2.5. This makes it possible for authenticated attackers, with Administrator-level access and above, to delete arbitrary files on the server, including files outside the WordPress root directory.
AI Analysis
Technical Summary
CVE-2025-8213 is an absolute path traversal vulnerability classified under CWE-36, found in the NinjaScanner – Virus & Malware scan plugin for WordPress. This vulnerability exists due to inadequate validation of file paths in two key plugin functions: 'nscan_ajax_quarantine' and 'nscan_quarantine_select'. These functions handle quarantine operations for files flagged by the scanner. Because of the insufficient path validation, an authenticated attacker with Administrator privileges can manipulate input parameters to specify arbitrary file paths, enabling deletion of any file on the hosting server, including those outside the WordPress installation directory. This can lead to deletion of critical system files, configuration files, or other application data, severely impacting system integrity and availability. The vulnerability affects all plugin versions up to and including 3.2.5. The CVSS v3.1 score is 7.2, indicating high severity: the attack vector is network, attack complexity is low, high privileges are required, and no user interaction is needed. No public exploits have been reported yet, but the potential for destructive impact is significant. The vulnerability was reserved and published in late July 2025, with no official patch currently available, increasing the urgency for mitigation. The threat is particularly relevant for WordPress sites that use this plugin, which is popular among site administrators for malware scanning and quarantine management.
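The kind of path validation the summary says is missing is a canonicalize-then-contain check before any file operation. The sketch below is an added example, not NinjaScanner's code or its fix; the function names `resolve_inside` and `delete_scanned_file` are hypothetical and the sandbox paths are constructed for the demonstration.

```php
<?php
// Added illustration: hypothetical helper names, not the plugin's code.

// Return the canonical path only if it is a regular file inside $baseDir.
function resolve_inside(string $baseDir, string $requested): ?string
{
    $base = realpath($baseDir);
    $real = realpath($requested); // collapses "..", follows symlinks; false if missing
    if ($base === false || $real === false) {
        return null;
    }
    // Compare against the base WITH a trailing separator, so that
    // ".../site-evil" is not accepted as being inside ".../site".
    $base = rtrim($base, DIRECTORY_SEPARATOR) . DIRECTORY_SEPARATOR;
    if (strncmp($real, $base, strlen($base)) !== 0) {
        return null;
    }
    return is_file($real) ? $real : null;
}

// Delete only what resolve_inside() accepted; log and refuse everything else.
function delete_scanned_file(string $baseDir, string $requested): bool
{
    $target = resolve_inside($baseDir, $requested);
    if ($target === null) {
        error_log('rejected delete outside base: ' . $requested);
        return false;
    }
    return unlink($target);
}

// Constructed sandbox under the system temp directory.
$root = sys_get_temp_dir() . '/pathdemo_' . bin2hex(random_bytes(4));
mkdir("$root/site/uploads", 0700, true);
mkdir("$root/site-evil", 0700, true);
file_put_contents("$root/site/uploads/flagged.php", 'x');
file_put_contents("$root/outside.conf", 'x');
file_put_contents("$root/site-evil/a.txt", 'x');

$cases = [
    "$root/site/uploads/flagged.php",        // inside the base: deleted
    "$root/outside.conf",                    // absolute path outside the base: rejected
    "$root/site/uploads/../../outside.conf", // resolves outside the base: rejected
    "$root/site-evil/a.txt",                 // sibling sharing the prefix: rejected
];
foreach ($cases as $p) {
    var_export(delete_scanned_file("$root/site", $p));
    echo "  $p\n";
}
```

Only the first case is deleted. The check and the `unlink` are not atomic, so the base directory must not be writable by untrusted users between the two calls.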
Potential Impact
The impact of CVE-2025-8213 is substantial for organizations running WordPress sites with the NinjaScanner plugin. Successful exploitation allows attackers with Administrator-level access to delete arbitrary files on the server, potentially including critical system files, website content, backups, or configuration files. This can lead to complete site downtime, data loss, and compromise of server integrity. Confidentiality may also be indirectly affected if deletion of security or audit logs occurs, hindering forensic investigations. The availability of the website and associated services can be severely disrupted, causing operational and reputational damage. Since the attack requires authenticated Administrator privileges, the threat is primarily from insiders or attackers who have already compromised admin credentials. However, given the widespread use of WordPress and the plugin, the vulnerability poses a significant risk globally. The absence of known exploits in the wild suggests limited current exploitation, but the ease of exploitation and high impact make it a critical concern for affected organizations.
Mitigation Recommendations
To mitigate CVE-2025-8213, organizations should immediately restrict Administrator-level access to trusted personnel only and enforce strong authentication mechanisms such as multi-factor authentication (MFA) to reduce the risk of credential compromise. Until an official patch is released, consider disabling or uninstalling the NinjaScanner plugin to eliminate the attack surface. If plugin functionality is essential, implement web application firewall (WAF) rules to detect and block suspicious requests targeting the vulnerable functions, especially those attempting path traversal patterns. Regularly monitor server and application logs for unusual file deletion activities or access patterns. Employ file integrity monitoring solutions to alert on unauthorized file changes or deletions outside normal maintenance windows. Isolate WordPress instances in containerized or sandboxed environments to limit the blast radius of potential file deletions. Finally, maintain regular backups of website and server data stored offline or in immutable storage to enable rapid recovery in case of data loss.
Affected Countries
United States, Germany, United Kingdom, Canada, Australia, France, India, Brazil, Japan, Netherlands, Italy, Spain
Technical Details
- Data Version: 5.1
- Assigner Short Name: Wordfence
- Date Reserved: 2025-07-25T19:35:11.742Z
- Cvss Version: 3.1
- State: PUBLISHED
Threat ID: 688b6281ad5a09ad00b7953f
Added to database: 7/31/2025, 12:33:05 PM
Last enriched: 2/26/2026, 4:56:16 PM
Last updated: 3/21/2026, 6:02:59 AM