WordPress Kubio AI Page Builder Local File Inclusion (LFI) Vulnerability

Vulnerability Information

Vulnerability name: WordPress Kubio AI Page Builder Local File Inclusion (LFI) Vulnerability

Vulnerability ID:

  • CVE: CVE-2025-2294

Vulnerability type: File inclusion

Severity: Critical

Vulnerability description: Kubio AI Page Builder is a WordPress plugin that helps users build and design web pages quickly with AI. It is widely used where sites have to be deployed and designed quickly, especially by users without professional web-design skills, and its ease of use and feature set have made it popular with many WordPress site administrators.

The vulnerability is a Local File Inclusion (LFI). It stems from the thekubio_hybrid_theme_load_template function not validating user input adequately, so an attacker can craft HTTP request parameters that make the server include and execute arbitrary files. The root cause is the lack of strict filtering and restriction of the user-supplied file path parameter.

The impact is severe: the vulnerability can be exploited without authentication and may lead to disclosure of sensitive information (for example reading the /etc/passwd file), bypass of access controls, and under certain conditions remote code execution (if the attacker is able to upload a malicious file). Because the attack complexity is low and the affected population is large, the vulnerability is rated critical. Attackers can use it to run automated attacks against target sites, which poses a significant threat to site security and data confidentiality.
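For defenders, the practical questions are whether a site runs an affected plugin version and whether anyone has already probed it. The following script is an added example (not code from the advisory or from the r0otk3r repository): it scans constructed Combined-Log-Format access-log lines for the payload shape the advisory describes (../ sequences and /etc/passwd, including percent-encoded and double-encoded variants) and checks a plugin version string against the affected range of ≤ 2.5.1. The query parameter name "template" in the sample lines is a placeholder, since the advisory does not name the vulnerable parameter; the check therefore keys on the payload, not on a plugin-specific parameter.

```python
"""Added example: detecting LFI / path-traversal probes in web server logs.

Not code from the advisory or the r0otk3r repository. The log lines are
constructed samples in Combined Log Format; the query parameter name
"template" is a placeholder (the advisory does not name the vulnerable
parameter), so the checks key on the payload shape it describes.
"""
import re
from urllib.parse import parse_qsl, unquote, urlsplit

# From the advisory: Kubio AI Page Builder versions <= 2.5.1 are affected.
AFFECTED_MAX_VERSION = (2, 5, 1)

# Constructed sample access-log lines (RFC 5737 documentation addresses).
SAMPLE_LOG = """\
203.0.113.7 - - [28/Jul/2025:10:01:02 +0000] "GET /?template=home HTTP/1.1" 200 5120 "-" "Mozilla/5.0"
203.0.113.9 - - [28/Jul/2025:10:01:05 +0000] "GET /?template=../../../../../../../../etc/passwd HTTP/1.1" 200 1830 "-" "python-requests/2.31"
203.0.113.9 - - [28/Jul/2025:10:01:06 +0000] "GET /?template=..%2F..%2F..%2Fetc%2Fpasswd HTTP/1.1" 200 1830 "-" "python-requests/2.31"
203.0.113.9 - - [28/Jul/2025:10:01:07 +0000] "GET /?template=%252e%252e%252f%252e%252e%252fetc%252fpasswd HTTP/1.1" 404 120 "-" "curl/8.0"
198.51.100.3 - - [28/Jul/2025:10:02:00 +0000] "GET /category/news/ HTTP/1.1" 200 900 "-" "curl/8.0"
"""

LOG_RE = re.compile(
    r'^(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>\S+) (?P<target>\S+) [^"]*" (?P<status>\d{3})'
)
# ".." bounded by a separator or the string edge: ../, /../, ..\ and so on.
TRAVERSAL_RE = re.compile(r'(?:^|[\\/])\.\.(?:[\\/]|$)')
# Files that LFI probes typically try to read; extend to taste.
SENSITIVE_RE = re.compile(r'(?:^|/)(?:etc/passwd|etc/shadow|proc/self/environ|wp-config\.php)$')


def normalize(value: str, max_rounds: int = 3) -> str:
    """Percent-decode until stable (defeats double encoding) and unify path separators."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value.replace("\\", "/")


def classify(value: str) -> str:
    """Return a '+'-joined reason string, or '' when the value looks benign."""
    reasons = []
    if TRAVERSAL_RE.search(value):
        reasons.append("traversal")
    if SENSITIVE_RE.search(value):
        reasons.append("sensitive-file")
    return "+".join(reasons)


def suspicious_params(target: str) -> list:
    """Inspect the request path and every query value; return (name, normalized value, reason) tuples."""
    parts = urlsplit(target)
    candidates = [("<path>", parts.path)]
    # parse_qsl decodes one layer of percent-encoding; normalize() peels off the rest.
    candidates += parse_qsl(parts.query, keep_blank_values=True)
    findings = []
    for name, raw in candidates:
        value = normalize(raw)
        reason = classify(value)
        if reason:
            findings.append((name, value, reason))
    return findings


def scan_log(text: str) -> list:
    """Run suspicious_params over each parsable log line; return one dict per finding."""
    hits = []
    for line in text.splitlines():
        m = LOG_RE.match(line)
        if not m:
            continue
        for name, value, reason in suspicious_params(m.group("target")):
            hits.append({
                "ip": m.group("ip"), "time": m.group("ts"),
                "status": int(m.group("status")),
                "param": name, "value": value, "reason": reason,
            })
    return hits


def _version_tuple(version: str) -> tuple:
    return tuple(int(p) for p in re.findall(r"\d+", version))


def is_affected_version(version: str) -> bool:
    """True if a plugin version string lies inside the advisory's affected range (<= 2.5.1)."""
    a, b = _version_tuple(version), AFFECTED_MAX_VERSION
    n = max(len(a), len(b))
    return a + (0,) * (n - len(a)) <= b + (0,) * (n - len(b))


if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(f'{hit["ip"]} {hit["status"]} {hit["param"]}={hit["value"]!r} [{hit["reason"]}]')
```

When triaging hits, the response status and size matter more than the request alone: a 404 means the probe did not reach an include, while a 200 with a body the size of a passwd file is the one to escalate. The version check reads the "Stable tag" or "Version" string however you obtain it (plugin readme.txt, the WordPress admin, or a site inventory) and is only a first filter; the fix is to update past 2.5.1.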

Vendor: WordPress

Product: Kubio AI Page Builder

Affected versions: ≤ 2.5.1

Source: https://github.com/r0otk3r/CVE-2025-2294

Type: CVE-2025: github search

Repository files

  • README.md
  • cve_2025_2294.py

Source overview

CVE-2025-2294 - WordPress Kubio AI Page Builder <= 2.5.1 - Local File Inclusion (LFI) Exploit

Overview

CVE-2025-2294 affects the Kubio AI Page Builder plugin for WordPress (versions up to and including 2.5.1). It suffers from an unauthenticated Local File Inclusion (LFI) vulnerability via the thekubio_hybrid_theme_load_template function.

This vulnerability allows an attacker to include and execute arbitrary files on the vulnerable WordPress server, which can lead to:

  • Bypassing access controls
  • Reading sensitive server files
  • Remote code execution (if an attacker can upload malicious PHP files disguised as safe file types)

Vulnerability Details

  • Vulnerability Type: Local File Inclusion (LFI)
  • Affected Plugin: Kubio AI Page Builder
  • Affected Versions: ≤ 2.5.1
  • Attack Vector: Unauthenticated HTTP request with crafted parameters
  • Exploitability: High
  • CVSS Score: 9.8 (Critical) [CNA: Wordfence]

Exploit Script Description

This Python script sends specially crafted HTTP GET requests to the target WordPress site to verify whether it is vulnerable to the LFI issue.

Features:

  • Test a single URL or multiple targets from a file.
  • Customizable payload for arbitrary file inclusion (default: /etc/passwd).
  • Save full response to file.
  • Preview first N lines of the response for quick validation.
  • Support for HTTP proxy.
  • Check-only mode for vulnerability scanning without saving output.

Usage

  usage: cve_2025_2294.py [-h] [--url URL] [--payload PAYLOAD] [--save SAVE]
                          [--lines LINES] [--timeout TIMEOUT] [--proxy PROXY]
                          [--check] [--list LIST]

  CVE-2025-2294 LFI Exploit

  optional arguments:
    -h, --help         show this help message and exit
    --url URL          Target URL (e.g., http://127.0.0.1:8080)
    --payload PAYLOAD  LFI payload path (default: ../../../../../../../../etc/passwd)
    --save SAVE        Save full response to file (optional)
    --lines LINES      Number of preview lines (default: 10)
    --timeout TIMEOUT  Request timeout in seconds (default: 10)
    --proxy PROXY      Proxy URL (e.g., http://127.0.0.1:8080)
    --check            Check vulnerability status only, no saving or preview
    --list LIST        Path to file with list of URLs to check one by one

Advanced example with custom payload, proxy, and longer preview:

  python3 cve_2025_2294.py --url "http://192.168.1.10" --save loot.txt --lines 20 --payload /etc/passwd --timeout 10 --proxy "http://127.0.0.1:8080"

[Screenshot: Screenshot_2025-07-27_16_32_55, script output]

Request/Response:

[Screenshot: Screenshot_2025-07-28_02_22_52]

⚠️ Disclaimer

This tool is intended for authorized security testing and research purposes only. Unauthorized use against systems without permission is illegal and unethical.

Author: lianccc

Published: 28 July 2025