Cyber Posture

CVE-2025-13597

Critical

Published: 25 November 2025
Modified: 15 April 2026
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0062 (70.1st percentile)
Risk Priority: 20 (weighted 60% EPSS, 20% KEV, 20% CVSS)

Description

The AI Feeds plugin for WordPress is vulnerable to arbitrary file uploads due to a missing capability check in the 'actualizador_git.php' file in all versions up to, and including, 1.0.11. This makes it possible for unauthenticated attackers to download arbitrary GitHub repositories and overwrite plugin files on the affected site's server, which may make remote code execution possible.

Mitigating Controls (NIST 800-53 r5)

- Prevent: Directly mitigates the vulnerability by requiring timely remediation of the known flaw in the AI Feeds plugin through patching and updates.
- Prevent: Prevents arbitrary file uploads by validating all inputs to the actualizador_git.php endpoint, rejecting dangerous GitHub repository files.
- Prevent: Enforces the missing capability checks in actualizador_git.php to block unauthenticated access and file overwrite attempts.

Security Summary

CVE-2025-13597 is an arbitrary file upload vulnerability in the AI Feeds plugin for WordPress, affecting all versions up to and including 1.0.11. The issue stems from a missing capability check in the 'actualizador_git.php' file, which enables attackers to upload files without authentication. It carries a CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H) and is classified under CWE-434 (Unrestricted Upload of File with Dangerous Type).

Unauthenticated attackers can exploit this vulnerability remotely with low complexity to download arbitrary GitHub repositories and overwrite plugin files on the affected WordPress site's server. This capability may lead to remote code execution, granting attackers significant control over the server.

Advisories and patches for mitigation are detailed in the referenced sources, including a GitHub repository for the CVE, the plugin's source code in WordPress Trac, a specific changeset (3402321) in the ai-feeds plugin, a technical blog post by Ryan Kozak, and Wordfence threat intelligence. Security practitioners should review these for patch deployment and updated plugin versions.

Details

CWE(s): CWE-434 (Unrestricted Upload of File with Dangerous Type)

AI Security Analysis

AI Category: Other Platforms
Risk Domain: Supply Chain and Deployment
OWASP Top 10 for LLMs 2025: None mapped
MITRE ATLAS Techniques: None mapped
Classification Reason: The vulnerability affects the 'AI Feeds' WordPress plugin, which is AI-related due to its name and purpose (likely involving AI for feed generation), fitting under 'Other Platforms' as a web/plugin platform not matching more specific categories like frameworks or libraries.

MITRE ATT&CK Enterprise Techniques

- T1190 Exploit Public-Facing Application (Initial Access): Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
- T1505.003 Web Shell (Persistence): Adversaries may backdoor web servers with web shells to establish persistent access to systems.
- T1608.001 Upload Malware (Resource Development): Adversaries may upload malware to third-party or adversary-controlled infrastructure to make it accessible during targeting.

Why these techniques?

The vulnerability enables unauthenticated exploitation of a public-facing WordPress application (T1190), uploading/staging malware from GitHub repositories (T1608.001), and overwriting plugin files to deploy web shells or malicious server components for RCE and persistence (T1100, T1505.003).
