CVE-2025-1970
Published: 22 March 2025
Description
Adversaries may attempt to exploit a weakness in an Internet-facing host or system to initially access a network.
Security Summary
CVE-2025-1970 is a Server-Side Request Forgery (SSRF) vulnerability, classified under CWE-918, in the Export and Import Users and Customers plugin for WordPress. It affects all versions up to and including 2.6.2 and is located in the validate_file() function in the plugin's admin/modules/import/classes/class-import-ajax.php file at line 175. Published on 2025-03-22, the flaw carries a CVSS v3.1 base score of 7.6 (AV:N/AC:L/PR:H/UI:N/S:C/C:H/I:L/A:N): network attack vector, low attack complexity, high privileges required, no user interaction, changed scope, high confidentiality impact, low integrity impact and no availability impact.
Authenticated attackers with Administrator-level access or higher can use this flaw to make the web application issue web requests to arbitrary locations. This allows them to query and modify information held by internal services that are not externally reachable, bypassing network restrictions and exposing sensitive backend resources.
Advisories and references, including Wordfence's threat intelligence report, point to mitigation through patching, with WordPress plugin trac changeset 3259688 addressing the issue. Security practitioners should review the plugin's developer documentation and update affected installations promptly.
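The class of check a file-import routine such as the plugin's validate_file() needs before fetching a user-supplied URL, written here in Python as an added illustration (it is not the plugin's code, and the resolver table, hostnames and addresses are constructed so it runs offline):

```python
import ipaddress
from urllib.parse import urlparse

# Constructed DNS answers so the example runs offline. A real check would call
# socket.getaddrinfo() and apply the same rule to every address it returns.
FAKE_DNS = {
    "files.example.com": ["93.184.216.34"],
    "localhost": ["127.0.0.1"],
    "metadata.internal": ["169.254.169.254"],
    "dual.example.com": ["93.184.216.34", "10.0.0.5"],  # mixed public/internal
}

def resolve(host):
    return FAKE_DNS.get(host, [])

def is_blocked_address(addr):
    # Anything not globally routable is off-limits for an import fetch:
    # RFC 1918, loopback, link-local (cloud metadata), multicast, reserved.
    ip = ipaddress.ip_address(addr)
    return (ip.is_private or ip.is_loopback or ip.is_link_local
            or ip.is_multicast or ip.is_reserved or ip.is_unspecified)

def validate_import_url(url, resolver=resolve):
    """Return (ok, reason). ok is True only for http(s) URLs whose host
    resolves exclusively to public addresses."""
    parts = urlparse(url)
    if parts.scheme not in ("http", "https"):
        return False, "scheme not allowed"
    host = parts.hostname
    if not host:
        return False, "missing host"
    if parts.username or parts.password:
        return False, "credentials in URL"
    try:
        # A literal IP address in the URL is checked directly.
        addrs = [str(ipaddress.ip_address(host))]
    except ValueError:
        addrs = resolver(host)
        if not addrs:
            return False, "host does not resolve"
    # Reject when ANY answer is internal, so a mixed answer cannot slip through.
    for addr in addrs:
        if is_blocked_address(addr):
            return False, f"resolves to non-public address {addr}"
    return True, "ok"
```

The fetch itself must then use the address that was validated (or re-run the check on every redirect hop), otherwise the name can be re-resolved to something else between the check and the request.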
Details
- CWE(s): CWE-918 (Server-Side Request Forgery)
Affected Products
- Export and Import Users and Customers plugin for WordPress, all versions up to and including 2.6.2
MITRE ATT&CK Enterprise Techniques
- T1190: Exploit Public-Facing Application
Why these techniques?
The SSRF vulnerability in a public-facing WordPress plugin maps directly to exploitation of the application (T1190): it lets an attacker query or modify internal backend resources and bypass network restrictions.