{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-7640", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-07-14T14:46:21.081Z", "datePublished": "2025-07-24T09:22:15.857Z", "dateUpdated": "2026-04-08T16:46:36.066Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:46:36.066Z"}, "affected": [{"vendor": "den-media", "product": "hiWeb Export Posts", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "0.9.0.0", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The hiWeb Export Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9.0.0. This is due to missing or incorrect nonce validation on the tool-dashboard-history.php file. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php), via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}], "title": "hiWeb Export Posts <= 0.9.0.0 - Cross-Site Request Forgery to Arbitrary File Deletion", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/38c23f59-8332-49ab-a219-1f5fac8a283c?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/hiweb-export-posts/trunk/views/tool-dashboard-history.php#L3"}, {"url": "https://wordpress.org/plugins/hiweb-export-posts/"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "cweId": "CWE-22", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", "baseScore": 8.1, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "JohSka"}], "timeline": [{"time": "2025-07-23T20:47:08.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-07-24T13:15:26.874817Z", "id": "CVE-2025-7640", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-24T13:15:30.942Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-7640", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "total"}], "version": "2.0.3", "timestamp": "2025-07-24T13:15:26.874817Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-07-24T13:15:28.384Z"}}], "cna": {"title": "hiWeb Export Posts <= 0.9.0.0 - Cross-Site Request Forgery to Arbitrary File Deletion", "credits": [{"lang": "en", "type": "finder", "value": "JohSka"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 8.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H"}}], "affected": [{"vendor": "den-media", "product": "hiWeb Export Posts", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "0.9.0.0"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-07-23T20:47:08.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/38c23f59-8332-49ab-a219-1f5fac8a283c?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/hiweb-export-posts/trunk/views/tool-dashboard-history.php#L3"}, {"url": "https://wordpress.org/plugins/hiweb-export-posts/"}], "descriptions": [{"lang": "en", "value": "The hiWeb Export Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9.0.0. This is due to missing or incorrect nonce validation on the tool-dashboard-history.php file. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php), via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:46:36.066Z"}}}, "cveMetadata": {"cveId": "CVE-2025-7640", "state": "PUBLISHED", "dateUpdated": "2026-04-08T16:46:36.066Z", "dateReserved": "2025-07-14T14:46:21.081Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-07-24T09:22:15.857Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The hiWeb Export Posts plugin for WordPress is vulnerable to Cross-Site Request Forgery in all versions up to, and including, 0.9.0.0. This is due to missing or incorrect nonce validation on the tool-dashboard-history.php file. This makes it possible for unauthenticated attackers to delete arbitrary files on the server, which can easily lead to remote code execution when the right file is deleted (such as wp-config.php), via a forged request granted they can trick a site administrator into performing an action such as clicking on a link."}, {"lang": "es", "value": "El complemento hiWeb Export Posts para WordPress es vulnerable a Cross-Site Request Forgery en todas las versiones hasta la 0.9.0.0 incluida. Esto se debe a la falta o la validaci\u00f3n incorrecta de nonce en el archivo tool-dashboard-history.php. Esto permite a atacantes no autenticados eliminar archivos arbitrarios en el servidor, lo que puede provocar f\u00e1cilmente la ejecuci\u00f3n remota de c\u00f3digo al eliminar el archivo correcto (como wp-config.php). Mediante una solicitud falsificada, pueden enga\u00f1ar al administrador del sitio para que realice una acci\u00f3n como hacer clic en un enlace."}], "id": "CVE-2025-7640", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "NONE", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "REQUIRED", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:N/UI:R/S:U/C:N/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.8, "impactScore": 5.2, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-07-24T10:15:28.137", "references": [{"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/hiweb-export-posts/trunk/views/tool-dashboard-history.php#L3"}, {"source": "security@wordfence.com", "url": "https://wordpress.org/plugins/hiweb-export-posts/"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/38c23f59-8332-49ab-a219-1f5fac8a283c?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T03:51:56.361154+00:00", "value": {"mitigation_remediation": ["Upgrade the hiWeb Export Posts plugin to a version newer than 0.9.0.0 once an update is available.", "If an upgrade is not possible, deactivate or uninstall the plugin from the WordPress installation.", "Consider deploying a web application firewall that blocks CSRF requests to the tool-dashboard-history.php endpoint, or add a custom rule that requires a valid nonce for any file deletion action."], "summary": {"action": "Apply Patch", "impact": "Remote code execution via arbitrary file deletion"}, "threat_synthesis": {"affected_systems": "WordPress sites that have installed the den\u2011media hiWeb Export Posts plugin in version 0.9.0.0 or earlier are affected. Any publisher using these plugin versions is at risk.", "description_and_impact": "The hiWeb Export Posts plugin for WordPress suffers from a CSRF flaw in its tool-dashboard-history.php file caused by missing or incorrect nonce validation. An attacker can forge a request that causes the site administrator to delete any file on the server, including critical files such as wp-config.php, which can then allow remote code execution. This flaw gives unauthenticated attackers the ability to alter filesystem contents without needing to authenticate themselves.", "risk_and_exploitability": "The CVSS score of 8.1 indicates a high severity vulnerability with a high impact and a need for rapid mitigation. The EPSS score of less than 1% suggests a low but non\u2011zero probability of exploitation in the wild and the vulnerability is not currently listed in the CISA KEV catalog. Exploitability requires only a forged HTTP request and may be delivered via social engineering; no user authentication is required, making the attack surface broad for any site with an administrator who could be tricked into clicking a malicious link."}}}}, "created": "2025-07-24T21:26:40.786188+00:00", "updated": "2026-04-21T04:00:10.059120+00:00", "vendors": ["wordpress", "wordpress$PRODUCT$wordpress"]}