PT-2025-29542 · WordPress · Restrict File Access

Johannes Skamletz +1 · Published 2025-07-15 · Updated 2025-07-31 · CVE-2025-7667

CVSS v3.1: 8.1 High
Vector: AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H

Name of the Vulnerable Software and Affected Versions: Restrict File Access plugin for WordPress versions up to and including 1.1.2

Description: The Restrict File Access plugin for WordPress is susceptible to Cross-Site Request Forgery (CSRF) due to missing or incorrect nonce validation on the 'restrict-file-access' page. An unauthenticated attacker who tricks a site administrator into performing an action can use the resulting forged request to delete arbitrary files on the server, potentially leading to remote code execution if a critical file, such as wp-config.php, is deleted.

Recommendations: Update the Restrict File Access plugin to a version later than 1.1.2.
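
For sites that maintain similar admin-page code, the following added example (not the plugin's code and not its actual fix) shows the three checks whose absence produces this class of bug: a capability check, nonce validation, and confinement of the deleted path. The `rfa_example_*` names, the `file` field and the `protected-files` directory are hypothetical.

```php
<?php
// Added example: hypothetical hardened delete handler for a WordPress admin page.
// All rfa_example_* names and the 'protected-files' directory are assumptions.

add_action( 'admin_post_rfa_example_delete', 'rfa_example_handle_delete' );

function rfa_example_handle_delete() {
    // 1. Only administrators may delete files.
    if ( ! current_user_can( 'manage_options' ) ) {
        wp_die( 'Insufficient permissions.', '', array( 'response' => 403 ) );
    }

    // 2. CSRF defence: the request must carry a nonce minted for this exact
    //    action in the current user's session. Dies on a missing or bad nonce.
    check_admin_referer( 'rfa_example_delete_file', 'rfa_example_nonce' );

    // 3. Accept a bare file name only, then confine the resolved path to the
    //    one directory this feature manages.
    $name = isset( $_POST['file'] ) ? sanitize_file_name( wp_unslash( $_POST['file'] ) ) : '';
    $uploads = wp_upload_dir();
    $base    = realpath( trailingslashit( $uploads['basedir'] ) . 'protected-files' );
    $target  = ( $base && '' !== $name ) ? realpath( $base . DIRECTORY_SEPARATOR . $name ) : false;

    // realpath() resolves symlinks and '..', so the prefix test is reliable.
    if ( false === $target
        || 0 !== strpos( $target, $base . DIRECTORY_SEPARATOR )
        || ! is_file( $target ) ) {
        wp_die( 'Invalid file.', '', array( 'response' => 400 ) );
    }

    wp_delete_file( $target );
    wp_safe_redirect( admin_url() );
    exit;
}

// Form side: a state-changing request is a POST that embeds the nonce.
function rfa_example_render_delete_form( $file_name ) {
    ?>
    <form method="post" action="<?php echo esc_url( admin_url( 'admin-post.php' ) ); ?>">
        <input type="hidden" name="action" value="rfa_example_delete">
        <input type="hidden" name="file" value="<?php echo esc_attr( $file_name ); ?>">
        <?php wp_nonce_field( 'rfa_example_delete_file', 'rfa_example_nonce' ); ?>
        <?php submit_button( 'Delete', 'delete' ); ?>
    </form>
    <?php
}
```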

Fix · RCE · CSRF

Weakness Enumeration

Related Identifiers: CVE-2025-7667

Affected Products: Restrict File Access