PT-2025-34199 · WordPress · Wp Webhooks
Phat Rio
·
Published
2025-08-21
·
Updated
2025-09-22
·
CVE-2025-8895
CVSS v3.1
9.8
Critical
| Vector | AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H |
Name of the Vulnerable Software and Affected Versions:
WP Webhooks plugin for WordPress versions up to and including 3.3.5
Description:
The WP Webhooks plugin for WordPress is susceptible to arbitrary file copy due to insufficient validation of user-supplied input. This allows unauthenticated attackers to copy arbitrary files on the affected server to arbitrary locations. Exploitation can involve copying the contents of
wp-config.php into a text file, potentially revealing database credentials when accessed through a web browser.Recommendations:
Update WP Webhooks plugin to a version later than 3.3.5.
Fix
Path traversal
Found an issue in the description? Have something to add? Feel free to write us 👾
Weakness Enumeration
Related Identifiers
Affected Products
Wp Webhooks