CyberSecurity news

FlagThis

Rescana@Rescana //
A critical vulnerability, tracked as CVE-2025-26909, has been identified in the WP Ghost plugin, a popular WordPress security plugin used by over 200,000 websites. This Local File Inclusion (LFI) flaw can escalate to Remote Code Execution (RCE), potentially allowing attackers to gain complete control over affected web servers without authentication. The vulnerability stems from insufficient validation of user-supplied input through the URL path, specifically within the `showFile` function invoked by the `maybeShowNotFound` function.

This flaw allows unauthenticated users to manipulate the URL to trigger file inclusion, potentially leading to arbitrary code execution, especially when the "Change Paths" feature is set to Lite or Ghost mode. Exploit techniques such as `php://filter` chains and leveraging `PHP_SESSION_UPLOAD_PROGRESS` can be used. Website administrators are strongly advised to immediately update their WP Ghost plugin to the latest version 5.4.02 to mitigate this severe security risk and implement additional security measures.

In related news, GoDaddy Security researchers have uncovered a long-running malware operation named DollyWay, which targets visitors of infected WordPress sites. This campaign utilizes injected redirect scripts and a distributed network of TDS nodes hosted on compromised websites to redirect users to malicious sites. This highlights the broader issue of WordPress plugin vulnerabilities and the importance of maintaining strong security practices, including regular updates and vigilance.
Original img attribution: https://static.wixstatic.com/media/eee5a8_334dd98ef7a04eacbcb3864434a880f5~mv2.png/v1/fill/w_1000,h_1000,al_c,q_90,usm_0.66_1.00_0.01/eee5a8_334dd98ef7a04eacbcb3864434a880f5~mv2.png
ImgSrc: static.wixstati

Share: bluesky twitterx--v2 facebook--v1 threads


References :
  • Sam Bent: Critical Vulnerability Discovered in WP Ghost Plugin: Unauthenticated Remote Code Execution Possible
  • Virus Bulletin: GoDaddy Security researchers have uncovered long-running malware operation DollyWay, which primarily targets visitors of infected WordPress sites via injected redirect scripts that employ a distributed network of TDS nodes hosted on compromised websites.
  • Rescana: Critical CVE-2025-26909 Vulnerability in WP Ghost Plugin: Immediate Update Required for Over 200,000 Websites
  • The DefendOps Diaries: Explore the critical CVE-2025-26909 vulnerability in WP Ghost plugin and learn how to mitigate its risks.
Classification: