{"id":38863,"date":"2025-05-17T10:18:28","date_gmt":"2025-05-17T10:18:28","guid":{"rendered":""},"modified":"2025-06-04T11:01:39","modified_gmt":"2025-06-04T17:01:39","slug":"cve-2025-2158-local-file-inclusion-vulnerability-in-wordpress-review-plugin","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-2158-local-file-inclusion-vulnerability-in-wordpress-review-plugin\/","title":{"rendered":"<strong>CVE-2025-2158: Local File Inclusion Vulnerability in WordPress Review Plugin<\/strong>"},"content":{"rendered":"<p><strong>Overview:<\/strong><\/p>\n<p>CVE-2025-2158 is a high-severity vulnerability identified in the WordPress Review Plugin, which is widely used for building review websites. This vulnerability affects all versions of the plugin up to and including 5.3.5. Exploitation of this <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2023-49129-stack-overflow-vulnerability-in-solid-edge-se2023-allows-potential-system-compromise\/\"  data-wpil-monitor-id=\"43515\">vulnerability could potentially compromise the system<\/a> or lead to data leakage, which makes the vulnerability particularly dangerous.<br \/>\nThis <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-3610-privilege-escalation-vulnerability-in-the-reales-wp-stpt-wordpress-plugin\/\"  data-wpil-monitor-id=\"43858\">vulnerability matters because of the widespread use of WordPress<\/a> and its plugins. An attacker with Contributor-level <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2023-49131-uninitialized-pointer-access-vulnerability-in-solid-edge-se2023\/\"  data-wpil-monitor-id=\"43491\">access or higher can exploit this vulnerability<\/a>, enabling them to include and execute arbitrary files on the server. 
This can <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-4347-d-link-router-buffer-overflow-vulnerability-leading-to-potential-system-compromise\/\"  data-wpil-monitor-id=\"43575\">potentially lead to compromise of the system<\/a> or leakage of sensitive data.<\/p>\n<p><strong>Vulnerability Summary:<\/strong><\/p>\n<p>CVE ID: CVE-2025-2158<br \/>\nSeverity: High (CVSS: 8.8)<br \/>\nAttack Vector: Local<br \/>\nPrivileges Required: Contributor-level access<br \/>\nUser Interaction: Required<br \/>\nImpact: <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-4372-webaudio-heap-corruption-in-google-chrome-a-potential-gateway-to-system-compromise-and-data-leakage\/\"  data-wpil-monitor-id=\"43786\">Potential system compromise or data<\/a> leakage<\/p>\n<p><strong>Affected Products:<\/strong><\/p>\n<p>Product | Affected Versions<\/p>\n<p><a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-31914-critical-sql-injection-vulnerability-in-pixel-wordpress-form-builder-plugin-autoresponder\/\"  data-wpil-monitor-id=\"54803\">WordPress Review Plugin<\/a> | Up to and including 5.3.5<\/p>\n<p><strong>How the Exploit Works:<\/strong><\/p>\n<p>The vulnerability arises due to an issue in the handling of &#8216;Post custom fields&#8217; by the <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-4104-critical-privilege-escalation-vulnerability-in-frontend-dashboard-wordpress-plugin\/\"  data-wpil-monitor-id=\"44283\">WordPress<\/a> Review Plugin. An authenticated attacker with Contributor-level access can exploit this to include and execute <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2024-11617-arbitrary-file-upload-vulnerability-in-envolve-plugin-for-wordpress\/\"  data-wpil-monitor-id=\"44971\">arbitrary PHP files<\/a> on the server. This can result in the <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2023-49123-code-execution-vulnerability-in-solid-edge-se2023\/\"  data-wpil-monitor-id=\"43554\">execution of any PHP code<\/a> present in those files. 
If the server has &#8216;pearcmd&#8217; enabled and &#8216;register_argc_argv&#8217; also enabled, this could lead to complete <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-30165-potential-system-compromise-in-vllm-v0-engine\/\"  data-wpil-monitor-id=\"44012\">system compromise<\/a>.<\/p>\n<p><strong>Conceptual Example Code:<\/strong><\/p>\n<p>Here&#8217;s a hypothetical example of how the vulnerability might be exploited:<\/p>\n<pre><code class=\"\" data-line=\"\">POST \/wp-admin\/post.php HTTP\/1.1\nHost: target.example.com\nContent-Type: application\/x-www-form-urlencoded\npost_title=Sample&amp;content=&lt;php? include(&#039;\/path\/to\/malicious\/file.php&#039;); ?&gt;&amp;action=edit&amp;post_type=review<\/code><\/pre>\n<p>In this example, the attacker is making a POST request to &#8216;post.php&#8217;, an endpoint known to handle &#8216;<a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-4391-wordpress-echo-rss-feed-post-generator-plugin-arbitrary-file-upload-vulnerability\/\"  data-wpil-monitor-id=\"50852\">Post custom fields&#8217; in the WordPress Review Plugin<\/a>. The included PHP code is from a malicious <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-47549-critical-unrestricted-file-upload-vulnerability-in-themefic-beaf\/\"  data-wpil-monitor-id=\"43893\">file that the attacker has already uploaded<\/a> to the server.<\/p>\n<p><strong>Mitigation:<\/strong><\/p>\n<p>The WordPress Review <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2025-4335-privilege-escalation-vulnerability-in-woocommerce-multiple-addresses-plugin-for-wordpress\/\"  data-wpil-monitor-id=\"43720\">Plugin&#8217;s vendor has released a patch to address this vulnerability<\/a>. It is strongly recommended to apply this patch immediately. 
If patching is not immediately possible, using a Web Application Firewall (WAF) or Intrusion Detection System (IDS) can serve as a temporary mitigation measure. Regularly monitoring <a href=\"https:\/\/www.ameeba.com\/blog\/cve-2024-20653-microsoft-common-log-file-system-elevation-of-privilege-vulnerability\/\"  data-wpil-monitor-id=\"47659\">system logs<\/a> for unusual activity can also help in early detection of any exploitation attempts.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Overview: CVE-2025-2158 is a high-severity vulnerability identified in the WordPress Review Plugin, which is widely used for building review websites. This vulnerability affects all versions of the plugin up to and including 5.3.5. Exploitation of this vulnerability could potentially compromise the system or lead to data leakage, which makes the vulnerability particularly dangerous. This vulnerability [&hellip;]<\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"om_disable_all_campaigns":false,"footnotes":""},"categories":[1],"tags":[],"vendor":[],"product":[],"attack_vector":[],"asset_type":[],"severity":[],"exploit_status":[],"class_list":["post-38863","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/38863","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/comments?post=38863"}],"version-history":[{"count":14,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/38863\/revisions"}],"predecess
or-version":[{"id":48938,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/posts\/38863\/revisions\/48938"}],"wp:attachment":[{"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/media?parent=38863"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/categories?post=38863"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/tags?post=38863"},{"taxonomy":"vendor","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/vendor?post=38863"},{"taxonomy":"product","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/product?post=38863"},{"taxonomy":"attack_vector","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/attack_vector?post=38863"},{"taxonomy":"asset_type","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/asset_type?post=38863"},{"taxonomy":"severity","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/severity?post=38863"},{"taxonomy":"exploit_status","embeddable":true,"href":"https:\/\/www.ameeba.com\/blog\/wp-json\/wp\/v2\/exploit_status?post=38863"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}