Cyber Posture

CVE-2025-1771

Critical

Published: 15 March 2025

Modified: 28 March 2025
KEV Added
Patch
CVSS Score: 9.8 (CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H)
EPSS Score: 0.0018 (38.9th percentile)
Risk Priority: 20 (60% EPSS · 20% KEV · 20% CVSS)

Description

Adversaries may backdoor web servers with web shells to establish persistent access to systems.

Security Summary

CVE-2025-1771 is a local file inclusion (LFI) vulnerability affecting the Traveler theme for WordPress in all versions up to and including 3.1.8. The flaw resides in the 'hotel_alone_load_more_post' function, specifically the 'style' parameter, which allows unauthenticated attackers to include and execute arbitrary files on the server. This vulnerability, associated with CWE-98, enables the execution of PHP code within included files.

Unauthenticated attackers can exploit this vulnerability remotely with low complexity and no privileges required, as indicated by its CVSS v3.1 base score of 9.8 (AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H). Successful exploitation permits bypassing access controls, obtaining sensitive data, or achieving remote code execution, particularly if PHP files can be uploaded and subsequently included.

Advisories from the Traveler changelog at https://travelerwp.com/traveler-changelog/ and Wordfence threat intelligence at https://www.wordfence.com/threat-intel/vulnerabilities/id/da3e3d6c-7643-4f22-aa88-2c4ce80aed1f?source=cve provide further details on the issue. Security practitioners should consult these sources for patch information and mitigation guidance.

Details

CWE(s)
CWE-98, NVD-CWE-Other

Affected Products

shinecommerce traveler ≤ 3.1.9

MITRE ATT&CK Enterprise Techniques

T1190 Exploit Public-Facing Application (Initial Access)
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.

T1005 Data from Local System (Collection)
Adversaries may search local system sources, such as file systems, configuration files, local databases, virtual machine files, or process memory, to find files of interest and sensitive data prior to Exfiltration.

T1505.003 Web Shell (Persistence)
Adversaries may backdoor web servers with web shells to establish persistent access to systems.

Why these techniques?

LFI in a public-facing WordPress app enables T1190 for remote exploitation; arbitrary file inclusion facilitates T1005 for local data access and T1505.003 for RCE via PHP web shell inclusion.

Confidence: HIGH · MITRE ATT&CK Enterprise v19.0
