{"dataType": "CVE_RECORD", "dataVersion": "5.2", "cveMetadata": {"cveId": "CVE-2025-9993", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "state": "PUBLISHED", "assignerShortName": "Wordfence", "dateReserved": "2025-09-04T14:36:59.293Z", "datePublished": "2025-09-30T03:35:27.453Z", "dateUpdated": "2026-04-08T17:04:10.697Z"}, "containers": {"cna": {"providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2026-04-08T17:04:10.697Z"}, "affected": [{"vendor": "d3rd4v1d", "product": "Bei Fen \u2013 WordPress Backup Plugin", "versions": [{"version": "0", "status": "affected", "lessThanOrEqual": "1.4.2", "versionType": "semver"}], "defaultStatus": "unaffected"}], "descriptions": [{"lang": "en", "value": "The Bei Fen \u2013 WordPress Backup Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.4.2 via the 'task'. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary .php files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where .php file types can be uploaded and included. This only affects instances running PHP 7.1 or older."}], "title": "Bei Fen \u2013 WordPress Backup Plugin <= 1.4.2 - Authenticated (Subscriber+) Local File Inclusion", "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/839c3b99-189d-4a74-b295-d44eb39d86c8?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/bei-fen/trunk/beifen.php#L185"}, {"url": "https://plugins.svn.wordpress.org/bei-fen/trunk/beifen.php"}], "problemTypes": [{"descriptions": [{"lang": "en", "description": "CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')", "cweId": "CWE-98", "type": "CWE"}]}], "metrics": [{"cvssV3_1": {"version": "3.1", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "baseScore": 8.1, "baseSeverity": "HIGH"}}], "credits": [{"lang": "en", "type": "finder", "value": "Aril Aprilio"}], "timeline": [{"time": "2025-09-29T15:30:29.000Z", "lang": "en", "value": "Disclosed"}]}, "adp": [{"metrics": [{"other": {"type": "ssvc", "content": {"timestamp": "2025-09-30T15:25:40.450440Z", "id": "CVE-2025-9993", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "role": "CISA Coordinator", "version": "2.0.3"}}}], "title": "CISA ADP Vulnrichment", "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-30T15:25:50.986Z"}}]}}

{"dataType": "CVE_RECORD", "containers": {"adp": [{"title": "CISA ADP Vulnrichment", "metrics": [{"other": {"type": "ssvc", "content": {"id": "CVE-2025-9993", "role": "CISA Coordinator", "options": [{"Exploitation": "none"}, {"Automatable": "no"}, {"Technical Impact": "partial"}], "version": "2.0.3", "timestamp": "2025-09-30T15:25:40.450440Z"}}}], "providerMetadata": {"orgId": "134c704f-9b21-4f2e-91b3-4a467353bcc0", "shortName": "CISA-ADP", "dateUpdated": "2025-09-30T15:25:45.713Z"}}], "cna": {"title": "Bei Fen \u2013 WordPress Backup Plugin <= 1.4.2 - Authenticated (Subscriber+) Local File Inclusion", "credits": [{"lang": "en", "type": "finder", "value": "Aril Aprilio"}], "metrics": [{"cvssV3_1": {"version": "3.1", "baseScore": 8.1, "baseSeverity": "HIGH", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H"}}], "affected": [{"vendor": "d3rd4v1d", "product": "Bei Fen \u2013 WordPress Backup Plugin", "versions": [{"status": "affected", "version": "*", "versionType": "semver", "lessThanOrEqual": "1.4.2"}], "defaultStatus": "unaffected"}], "timeline": [{"lang": "en", "time": "2025-09-29T15:30:29.000Z", "value": "Disclosed"}], "references": [{"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/839c3b99-189d-4a74-b295-d44eb39d86c8?source=cve"}, {"url": "https://plugins.trac.wordpress.org/browser/bei-fen/trunk/beifen.php#L185"}, {"url": "https://plugins.svn.wordpress.org/bei-fen/trunk/beifen.php"}], "descriptions": [{"lang": "en", "value": "The Bei Fen \u2013 WordPress Backup Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.4.2 via the 'task'. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary .php files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where .php file types can be uploaded and included. This only affects instances running PHP 7.1 or older."}], "problemTypes": [{"descriptions": [{"lang": "en", "type": "CWE", "cweId": "CWE-98", "description": "CWE-98 Improper Control of Filename for Include/Require Statement in PHP Program ('PHP Remote File Inclusion')"}]}], "providerMetadata": {"orgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "shortName": "Wordfence", "dateUpdated": "2025-09-30T03:35:27.453Z"}}}, "cveMetadata": {"cveId": "CVE-2025-9993", "state": "PUBLISHED", "dateUpdated": "2025-09-30T15:25:50.986Z", "dateReserved": "2025-09-04T14:36:59.293Z", "assignerOrgId": "b15e7b5b-3da4-40ae-a43c-f7aa60e62599", "datePublished": "2025-09-30T03:35:27.453Z", "assignerShortName": "Wordfence"}, "dataVersion": "5.1"}

{"cveTags": [], "descriptions": [{"lang": "en", "value": "The Bei Fen \u2013 WordPress Backup Plugin plugin for WordPress is vulnerable to Local File Inclusion in all versions up to, and including, 1.4.2 via the 'task'. This makes it possible for authenticated attackers, with Subscriber-level access and above, to include and execute arbitrary .php files on the server, allowing the execution of any PHP code in those files. This can be used to bypass access controls, obtain sensitive data, or achieve code execution in cases where .php file types can be uploaded and included. This only affects instances running PHP 7.1 or older."}, {"lang": "es", "value": "El plugin Bei Fen \u2013 WordPress Backup Plugin para WordPress es vulnerable a la inclusi\u00f3n local de ficheros en todas las versiones hasta la 1.4.2, inclusive, a trav\u00e9s del par\u00e1metro 'task'. Esto hace posible que atacantes autenticados, con acceso de nivel Suscriptor y superior, incluyan y ejecuten ficheros .php arbitrarios en el servidor, permitiendo la ejecuci\u00f3n de cualquier c\u00f3digo PHP en esos ficheros. Esto puede usarse para eludir los controles de acceso, obtener datos sensibles o lograr la ejecuci\u00f3n de c\u00f3digo en casos donde los tipos de fichero .php pueden ser subidos e incluidos. Esto solo afecta a las instancias que ejecutan PHP 7.1 o versiones anteriores."}], "id": "CVE-2025-9993", "lastModified": "2026-04-15T00:35:42.020", "metrics": {"cvssMetricV31": [{"cvssData": {"attackComplexity": "HIGH", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "baseScore": 8.1, "baseSeverity": "HIGH", "confidentialityImpact": "HIGH", "integrityImpact": "HIGH", "privilegesRequired": "NONE", "scope": "UNCHANGED", "userInteraction": "NONE", "vectorString": "CVSS:3.1/AV:N/AC:H/PR:N/UI:N/S:U/C:H/I:H/A:H", "version": "3.1"}, "exploitabilityScore": 2.2, "impactScore": 5.9, "source": "security@wordfence.com", "type": "Secondary"}]}, "published": "2025-09-30T11:37:47.950", "references": [{"source": "security@wordfence.com", "url": "https://plugins.svn.wordpress.org/bei-fen/trunk/beifen.php"}, {"source": "security@wordfence.com", "url": "https://plugins.trac.wordpress.org/browser/bei-fen/trunk/beifen.php#L185"}, {"source": "security@wordfence.com", "url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/839c3b99-189d-4a74-b295-d44eb39d86c8?source=cve"}], "sourceIdentifier": "security@wordfence.com", "vulnStatus": "Deferred", "weaknesses": [{"description": [{"lang": "en", "value": "CWE-98"}], "source": "security@wordfence.com", "type": "Secondary"}]}

{}

{"analysis": {"en": {"generated_at": "2026-04-21T02:43:47.937692+00:00", "value": {"mitigation_remediation": ["Upgrade the Bei Fen \u2013 WordPress Backup Plugin to the latest version that addresses the LFI flaw.", "Upgrade the PHP runtime to version 7.2 or later to remove the affected PHP version range, or otherwise ensure the site does not use PHP\u00a07.1 or older.", "Restrict file upload permissions for Subscriber\u2011level users or enforce strict file type checks to prevent upload of .php files that could be included by the plugin."], "summary": {"action": "Update Plugin", "impact": "Local File Inclusion leading to code execution"}, "threat_synthesis": {"affected_systems": "Affected systems are WordPress sites that have the Bei Fen \u2013 WordPress Backup Plugin version 1.4.2 or earlier installed. The publisher is d3rd4v1d. The issue is relevant for servers running PHP 7.1 or older, as newer PHP versions are not impacted by this flaw.", "description_and_impact": "The Bei Fen \u2013 WordPress Backup Plugin is vulnerable to a Local File Inclusion (LFI) attack through the \"task\" parameter in all versions up to 1.4.2. Authenticated users with Subscriber level or higher can requested arbitrary .php files to be included and executed on the server, allowing the attacker to run arbitrary PHP code. This flaw can be used to bypass access controls, steal sensitive information, or compromise the entire site. The vulnerability is classified as CWE\u201198 and only affects WordPress installations running PHP 7.1 or older.", "risk_and_exploitability": "The severity of this vulnerability is high, with a CVSS score of 8.1, while the EPSS score is below 1%, indicating a low probability of exploitation at this time. It is not listed in the CISA KEV catalog. The attack vector requires that the attacker is an authenticated user with at least Subscriber\u2011level access and that a .php file is available for inclusion, either through upload or by other means. With those conditions, the attacker can execute arbitrary PHP code, potentially taking full control of the affected server."}}}}, "created": "2025-09-30T08:47:21.398832+00:00", "updated": "2026-04-21T02:45:25.957939+00:00", "vendors": ["d3rd4v1d", "d3rd4v1d$PRODUCT$bei_fen", "wordpress", "wordpress$PRODUCT$wordpress"]}