CVE-2025-11724
Published: 04 November 2025
Description
Adversaries may backdoor web servers with web shells to establish persistent access to systems.
Security Summary
CVE-2025-11724 is an arbitrary file upload vulnerability in the EM Beer Manager plugin for WordPress, affecting all versions up to and including 3.2.3. The issue stems from missing file type validation in the EMBM_Admin_Untappd_Import_image() function, combined with insufficient authorization checks on the wp_ajax_embm-untappd-import AJAX action. The flaw is classified under CWE-434 (Unrestricted Upload of File with Dangerous Type) and carries a CVSS v3.1 base score of 8.8 (AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H): high severity, because the outcome is remote code execution.
Authenticated attackers with Subscriber-level permissions or higher can exploit the vulnerability to upload arbitrary files, including PHP web shells, to the server. Exploitation requires the attacker to stand up a mock HTTP server that returns JSON in the shape the plugin expects from Untappd, so that the import routine fetches and stores an attacker-chosen file; because no file type validation is performed, nothing stops that file from being PHP. Successful exploitation yields remote code execution on the web server and potentially full compromise of the WordPress site.
References include source code locations in the plugin's admin actions and Untappd integration files (lines 393, 867, 899, and 912), as well as a Wordfence threat intelligence advisory detailing the vulnerability. Practitioners should review these for precise remediation steps: update to a release later than 3.2.3 if one is available, or disable the plugin until then.
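The following is an added example, not code from the EM Beer Manager plugin or from Wordfence. It is a hypothetical admin-ajax handler that, like the import routine described above, downloads an image whose URL came from a third-party API response and stores it under wp-content/uploads. It shows the three controls the advisory says were missing: an authorization check on the AJAX action, a CSRF nonce, and validation of the fetched file's type by both name and content. The action name (`example_remote_image_import`), the `image_url` and `nonce` parameter names, and the image allowlist are assumptions made for the example; the WordPress functions used (`current_user_can`, `check_ajax_referer`, `wp_http_validate_url`, `wp_safe_remote_get`, `wp_check_filetype`, `wp_upload_bits`) are core APIs.

```php
<?php
/*
 * Added example (not the plugin's code). Hypothetical AJAX handler that
 * imports a remote image URL taken from a third-party API response.
 * Action and parameter names are assumptions made for illustration.
 */

add_action( 'wp_ajax_example_remote_image_import', 'example_remote_image_import' );

function example_remote_image_import() {
    // Authorization: Subscriber-level accounts lack upload_files, so they
    // are stopped here instead of reaching the download code at all.
    if ( ! current_user_can( 'upload_files' ) ) {
        wp_send_json_error( 'insufficient permissions', 403 );
    }
    // CSRF: the request must carry a nonce issued for this exact action.
    check_ajax_referer( 'example_remote_image_import', 'nonce' );

    // In the real integration the URL is read out of JSON returned by the
    // remote API. If that API is a mock server run by the attacker, the URL
    // is attacker-controlled, so it is validated the same way as direct input.
    $url    = isset( $_POST['image_url'] ) ? esc_url_raw( wp_unslash( $_POST['image_url'] ) ) : '';
    $result = example_store_remote_image( $url );
    if ( is_wp_error( $result ) ) {
        wp_send_json_error( $result->get_error_message(), 400 );
    }
    wp_send_json_success( $result );
}

/**
 * Fetch $url and store it in the uploads directory only if both the file
 * name and the downloaded bytes say it is an image.
 * Returns the wp_upload_bits() array on success or a WP_Error.
 */
function example_store_remote_image( $url ) {
    // Rejects non-http(s) schemes and loopback/private hosts.
    if ( ! wp_http_validate_url( $url ) ) {
        return new WP_Error( 'bad_url', 'URL is not an acceptable http(s) URL' );
    }

    // Assumed allowlist: extension pattern => expected MIME type.
    $allowed = array(
        'jpg|jpeg' => 'image/jpeg',
        'png'      => 'image/png',
        'gif'      => 'image/gif',
        'webp'     => 'image/webp',
    );

    // Name check: extension taken from the URL path, query string ignored,
    // so "shell.php?x=.png" does not pass as png.
    $filename = sanitize_file_name( wp_basename( (string) wp_parse_url( $url, PHP_URL_PATH ) ) );
    $ftype    = wp_check_filetype( $filename, $allowed );
    if ( empty( $ftype['ext'] ) || empty( $ftype['type'] ) ) {
        return new WP_Error( 'bad_ext', 'Only image file extensions are accepted' );
    }

    $response = wp_safe_remote_get( $url, array( 'timeout' => 15, 'redirection' => 0 ) );
    if ( is_wp_error( $response ) ) {
        return $response;
    }
    if ( 200 !== (int) wp_remote_retrieve_response_code( $response ) ) {
        return new WP_Error( 'fetch_failed', 'Remote server did not return HTTP 200' );
    }
    $body = wp_remote_retrieve_body( $response );

    // Content check: sniff the bytes and require them to match the extension.
    // A PHP file served as shell.png passes the name check but fails here.
    $finfo   = new finfo( FILEINFO_MIME_TYPE );
    $sniffed = $finfo->buffer( $body );
    if ( $sniffed !== $ftype['type'] || false === getimagesizefromstring( $body ) ) {
        return new WP_Error( 'bad_content', 'Downloaded bytes are not a ' . $ftype['type'] . ' image' );
    }

    // wp_upload_bits() writes under wp-content/uploads with a unique name and
    // re-checks the extension against the site's allowed MIME types.
    $upload = wp_upload_bits( $filename, null, $body );
    if ( ! empty( $upload['error'] ) ) {
        return new WP_Error( 'write_failed', $upload['error'] );
    }
    return $upload;
}
```

Two caveats for practitioners. First, content sniffing does not catch polyglots (a valid image with PHP appended after the image data), so the web server should additionally be configured to refuse to execute PHP anywhere under wp-content/uploads; that is the control that would have blunted this class of bug even with the plugin unpatched. Second, the capability check matters independently of the nonce: a nonce alone stops cross-site forgery but still lets a Subscriber who has logged in call the action.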
Details
- CWE(s): CWE-434 (Unrestricted Upload of File with Dangerous Type)
- MITRE ATT&CK Enterprise Techniques: T1190 (Exploit Public-Facing Application), T1505.003 (Server Software Component: Web Shell)
Why these techniques?
The arbitrary file upload in a WordPress plugin reachable by any authenticated user is exploitation of a public-facing application (T1190); the uploaded PHP file, once requested through the web server, runs as a web shell (T1505.003), giving the attacker remote code execution and persistent access.