{"id":79359,"date":"2025-09-29T19:54:54","date_gmt":"2025-09-29T19:54:54","guid":{"rendered":""},"modified":"2025-10-22T19:06:02","modified_gmt":"2025-10-23T01:06:02","slug":"cve-2025-9321-code-injection-vulnerability-in-wpcasa-wordpress-plugin","status":"publish","type":"post","link":"https:\/\/www.ameeba.com\/blog\/cve-2025-9321-code-injection-vulnerability-in-wpcasa-wordpress-plugin\/","title":{"rendered":"CVE-2025-9321: Code Injection Vulnerability in WPCasa WordPress Plugin<\/strong>"},"content":{"rendered":"

Overview<\/strong><\/p>\n

The CVE-2025-9321 is a severe vulnerability identified in the WPCasa plugin for WordPress. It affects all versions up to and including 1.4.1. This vulnerability is of particular concern due to its potential to facilitate code<\/a> injection. Code injection<\/a> is a security exploit where an attacker introduces malicious code into a program, which is then executed by that program. This exploit can lead to unauthorized access, data breaches, and potential system<\/a> compromise.
\nThis vulnerability matters because WordPress<\/a> powers a significant portion of the internet\u2019s websites. Therefore, any vulnerability associated with it could potentially<\/a> affect millions of websites and their users. The WPCasa plugin, used to build real estate websites, is widely adopted, making the impact of the vulnerability<\/a> substantial.<\/p>\n

Vulnerability Summary<\/strong><\/p>\n

CVE ID: CVE-2025-9321
\nSeverity: Critical (9.8 CVSS Score)
\nAttack Vector: Network
\nPrivileges Required: None
\nUser Interaction: None
\nImpact: System Compromise<\/a>, Data Leakage<\/p>\n

Affected Products<\/strong><\/p>

\r\n

\r\n \r\n \"Ameeba\r\n <\/a>\r\n A new way to communicate\r\n <\/h2>\r\n\r\n

\r\n Ameeba Chat is built on encrypted identity, not personal profiles.\r\n <\/p>\r\n\r\n

\r\n Message, call, share files, and coordinate with identities kept separate.\r\n <\/p>\r\n\r\n