{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-8081", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-07-23T12:26:55.980Z", "datePublished": "2025-08-12T05:27:09.305Z", "dateUpdated": "2026-04-08T16:36:39.960Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:36:39.960Z"}, "affected": [{"vendor": "elemntor", "product": "Elementor Website Builder \u2013 more than just a page builder", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "3.30.2", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Elementor plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.30.2 via the Import_Images::import() function due to insufficient controls on the filename specified. This makes it possible for authenticated attackers, with administrator-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information."}], "title": "Elementor <= 3.30.2 - Authenticated (Administrator+) Arbitrary File Read via Image Import", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/13929b51-b32e-401c-a642-49f7cd2d07bf?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/elementor/tags/3.30.2/includes/template-library/classes/class-import-images.php#L111"}, {"url": "https://github.com/elementor/elementor/commit/6af3551ee4213fb4003338743e22f41aa2a09c01"}, {"url": "https://plugins.trac.wordpress.org/changeset/3332233/elementor/trunk/includes/template-library/classes/class-import-images.php"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')", "cweId": "CWE-22", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "baseScore": 4.9, "baseSeverity": "MEDIUM"}}], "credits": [{"lang": "en", "type": "finder", "value": "Michael Mazzolini"}], "timeline": [{"time": "2025-07-10T00:00:00.000Z", "lang": "en", "value": "Discovered"}, {"time": "2025-07-10T16:15:53.000Z", "lang": "en", "value": "Vendor Notified"}, {"time": "2025-08-11T17:08:06.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-08-12T13:58:07.826151Z", "id": "CVE-2025-8081", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-12T13:58:18.633Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-8081", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-08-12T13:58:07.826151Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-08-12T13:58:14.003Z"}}], "cna": {"title": "Elementor <= 3.30.2 - Authenticated (Administrator+) Arbitrary File Read via Image Import", "credits": [{"lang": "en", "type": "finder", "value": "Michael Mazzolini"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 4.9, "baseSeverity": "MEDIUM", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N"}}], "affected": [{"vendor": "elemntor", "product": "Elementor Website Builder \u2013 more than just a page builder", "versions": [{"status": "affected", "version": "0", "versionType": "semver", "lessThanOrEqual": "3.30.2"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-07-10T00:00:00.000Z", "value": "Discovered"}, {"lang": "en", "time": "2025-07-10T16:15:53.000Z", "value": "Vendor Notified"}, {"lang": "en", "time": "2025-08-11T17:08:06.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/13929b51-b32e-401c-a642-49f7cd2d07bf?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/elementor/tags/3.30.2/includes/template-library/classes/class-import-images.php#L111"}, {"url": "https://github.com/elementor/elementor/commit/6af3551ee4213fb4003338743e22f41aa2a09c01"}, {"url": "https://plugins.trac.wordpress.org/changeset/3332233/elementor/trunk/includes/template-library/classes/class-import-images.php"}], "descriptions": [{"lang": "en", "value": "The Elementor plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.30.2 via the Import_Images::import() function due to insufficient controls on the filename specified. This makes it possible for authenticated attackers, with administrator-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-22", "description": "CWE-22 Improper Limitation of a Pathname to a Restricted Directory ('Path Traversal')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T16:36:39.960Z"}}}, "cveMetadata": {"cveId": "CVE-2025-8081", "state": "PUBLISHED", "dateUpdated": "2026-04-08T16:36:39.960Z", "dateReserved": "2025-07-23T12:26:55.980Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-08-12T05:27:09.305Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.2"}

{"configurations": [{"nodes": [{"cpeMatch": [{"criteria": "cpe:2.3:a:elementor:website_builder:*:*:*:*:free:wordpress:*:*", "matchCriteriaId": "E80B1F63-D727-449E-8363-EE1BC6FB1BF9", "versionEndExcluding": "3.30.3", "vulnerable": true}], "negate": false, "operator": "OR"}]}], "cveTags": [], "descriptions": [{"lang": "en", "value": "The Elementor plugin for WordPress is vulnerable to Arbitrary File Read in all versions up to, and including, 3.30.2 via the Import_Images::import() function due to insufficient controls on the filename specified. This makes it possible for authenticated attackers, with administrator-level access and above, to read the contents of arbitrary files on the server, which can contain sensitive information."}, {"lang": "es", "value": "El complemento Elementor para WordPress es vulnerable a la lectura arbitraria de archivos en todas las versiones hasta la 3.30.2 incluida, a trav\u00e9s de la funci\u00f3n Import_Images::import(), debido a controles insuficientes en el nombre de archivo especificado. Esto permite que atacantes autenticados, con acceso de administrador o superior, lean el contenido de archivos arbitrarios en el servidor, que pueden contener informaci\u00f3n confidencial."}], "id": "CVE-2025-8081", "lastModified": "2025-08-15T18:00:55.213", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "LOW", "attackVector": "NETWORK", "availabilityImpact": "NONE", "baseScore": 4.9, "baseSeverity": "MEDIUM", "confidentialityImpact": "HIGH", "integrityImpact": "NONE", "privilegesRequired": "HIGH", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:L/PR:H/UI:N/S:U/C:H/I:N/A:N", "version": "3.1"}, "exploitabilityScore": 1.2, "impactScore": 3.6, "source": "security@wordfence.com", "type": "Primary"}]}, "published": "2025-08-12T06:15:26.403", "references": [{"source": "security@wordfence.com", "tags": ["Patch"], "url": "https://github.com/elementor/elementor/commit/6af3551ee4213fb4003338743e22f41aa2a09c01"}, {"source": "security@wordfence.com", "tags": ["Product"], "url": "https://plugins.trac.wordpress.org/browser/elementor/tags/3.30.2/includes/template-library/classes/class-import-images.php#L111"}, {"source": "security@wordfence.com", "tags": ["Patch"], "url": "https://plugins.trac.wordpress.org/changeset/3332233/elementor/trunk/includes/template-library/classes/class-import-images.php"}, {"source": "security@wordfence.com", "tags": ["Third Party Advisory"], "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/13929b51-b32e-401c-a642-49f7cd2d07bf?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Analyzed", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-22"}], "source": "security@wordfence.com", "type": "Primary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-22T14:30:27.209703+00:00", "value": {"mitigation_remediation": ["Upgrade Elementor to the latest version that addresses the file name validation issue.", "If upgrading is not possible, restrict or remove the image import feature from the plugin or block access to the Import_Images::import() method for non\u2011essential roles.", "Implement monitoring or logging of file read operations to detect suspicious activity, especially by administrator accounts.", "Apply file system permissions that prevent the WordPress process from accessing directories that contain sensitive files."], "summary": {"action": "Apply Patch", "impact": "Arbitrary File Read"}, "threat_synthesis": {"affected_systems": "All installations of Elementor version 3.30.2 or earlier on any WordPress site, including both free and commercial deployments of the Elementor Website Builder plugin. The vulnerability affects the entire plugin and not any specific sub\u2011components beyond the image import functionality.", "description_and_impact": "The Elementor plugin for WordPress contains a file name validation flaw in the Import_Images::import() method, allowing an authenticated user with administrator privileges or higher to read the contents of arbitrary files on the server. This flaw falls under CWE-22 and can lead to the disclosure of sensitive data such as configuration files, credentials, or any files accessible to the web application. The risk is limited to confidentiality exposure; the flaw does not directly provide code execution or denial of service.", "risk_and_exploitability": "The CVSS score of 4.9 categorizes the vulnerability as moderate, and the EPSS score of less than 1% indicates a low current exploitation probability. The flaw is not listed in the CISA KEV catalog. Exploitation requires that the attacker already has administrator-level access on the WordPress site. No additional network access is needed beyond what an authenticated administrator possesses. The attack vector is therefore internal to the WordPress environment and is most likely to be abused by compromised or malicious administrative accounts."}}}}, "created": "2025-08-12T19:53:22.713878+00:00", "updated": "2026-04-22T14:45:19.271626+00:00", "vendors": ["elementor", "elementor$PRODUCT$elementor", "wordpress", "wordpress$PRODUCT$wordpress"]}